1. Home
  2. Vulnerabilities
  3. CVE-2023-36874

CVE-2023-36874

CVSS v3.1 7.8 (High)
78% Progress
EPSS 4.78 % (93th)
4.78% Progress
Affected Products 12
Advisories 2
NVD Status Analyzed
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Windows Error Reporting Service Elevation of Privilege Vulnerability

Weaknesses
CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE-NVD-noinfo
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Microsoft Corporation
Published Date
2023-07-11 18:15:20
(14 months ago)
Updated Date
2024-06-27 19:00:13
(2 months ago)
Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Known to be Used in Ransomware Campaigns
Unknown
Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36874; https://nvd.nist.gov/vuln/detail/CVE-2023-36874
Vendor
Microsoft
Product
Windows
In CISA Catalog from
2023-07-11
(14 months ago)
Due Date
2023-08-01
(13 months ago)

Affected Products

Microsoft

Configuration #1

    CPE23 From Up To
  Microsoft Windows 10 1507 prior 10.0.10240.20048 version cpe:2.3:o:microsoft:windows_10_1507 < 10.0.10240.20048
  Microsoft Windows 10 1607 prior 10.0.14393.6085 version cpe:2.3:o:microsoft:windows_10_1607 < 10.0.14393.6085
  Microsoft Windows 10 1809 prior 10.0.17763.4645 version cpe:2.3:o:microsoft:windows_10_1809 < 10.0.17763.4645
  Microsoft Windows 10 21h2 prior 10.0.19041.3208 version cpe:2.3:o:microsoft:windows_10_21h2 < 10.0.19041.3208
  Microsoft Windows 10 22h2 prior 10.0.19045.3208 version cpe:2.3:o:microsoft:windows_10_22h2 < 10.0.19045.3208
  Microsoft Windows 11 21h2 prior 10.0.22000.2176 version cpe:2.3:o:microsoft:windows_11_21h2 < 10.0.22000.2176
  Microsoft Windows 11 22h2 prior 10.0.22621.1992 version cpe:2.3:o:microsoft:windows_11_22h2 < 10.0.22621.1992
  Microsoft Windows Server 2008 SP2 cpe:2.3:o:microsoft:windows_server_2008:-:sp2
  Microsoft Windows Server 2008 R2 SP1 on X64 cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64
  Microsoft Windows Server 2012 cpe:2.3:o:microsoft:windows_server_2012:-
  Microsoft Windows Server 2012 R2 cpe:2.3:o:microsoft:windows_server_2012:r2
  Microsoft Windows Server 2016 cpe:2.3:o:microsoft:windows_server_2016:-
  Microsoft Windows Server 2019 cpe:2.3:o:microsoft:windows_server_2019:-
  Microsoft Windows Server 2022 cpe:2.3:o:microsoft:windows_server_2022:-