CVE-2023-24936

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to elevate privileges on affected .NET, .NET Framework, and Visual Studio installations. An authenticated attacker could exploit this to gain higher privileges than intended, potentially compromising the entire system. Organizations using these Microsoft products on Windows systems are affected.

💻 Affected Systems

Products:
  • .NET
  • .NET Framework
  • Visual Studio
Versions: Multiple versions - see Microsoft advisory for specific affected versions
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both server and client installations. Specific version ranges vary by product - check Microsoft advisory for exact affected versions.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise where an authenticated attacker gains SYSTEM/administrator privileges, enabling installation of malware, data theft, and lateral movement across the network.

🟠

Likely Case

Local privilege escalation allowing attackers to bypass security controls, access restricted resources, and maintain persistence on compromised systems.

🟢

If Mitigated

Limited impact with proper privilege separation, application control policies, and network segmentation preventing lateral movement.

🌐 Internet-Facing: LOW - This is primarily a local privilege escalation vulnerability requiring initial access to the system.
🏢 Internal Only: HIGH - Once an attacker gains initial access to a system (through phishing, credential theft, etc.), they can exploit this to elevate privileges and move laterally.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access to the system. No public exploit code available at time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by product - see Microsoft Security Update Guide

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936

Restart Required: Yes

Instructions:

1. Review Microsoft Security Update Guide for affected versions.
2. Apply the latest security updates from Windows Update or Microsoft Update Catalog.
3. Restart affected systems to complete installation.

🔧 Temporary Workarounds

Principle of Least Privilege

windows

Limit user privileges to only what's necessary for their role to reduce impact of successful exploitation

Application Control

windows

Implement application control policies to restrict execution of unauthorized binaries

🧯 If You Can't Patch

  • Implement strict network segmentation to limit lateral movement
  • Enforce strong authentication and monitor for suspicious privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check installed .NET/Visual Studio versions against Microsoft's affected versions list in the advisory

Check Version:

For .NET Framework: reg query "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full" /v Release

Verify Fix Applied:

Verify security updates are installed via Windows Update history or by checking version numbers against patched versions in advisory

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing privilege escalation attempts
  • Security logs with unexpected process elevation

Network Indicators:

  • Unusual outbound connections from elevated processes
  • Lateral movement attempts from compromised systems

SIEM Query:

EventID=4688 AND (NewProcessName CONTAINS "powershell.exe" OR NewProcessName CONTAINS "cmd.exe") AND SubjectUserName != SYSTEM AND TokenElevationType != %%1936
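
The filter above, evaluated over sample events, as an added example that is not part of the original page or any vendor tooling. The event records are constructed, the field names are taken from the query, and the ungrouped variant assumes an engine where AND binds tighter than OR (engines differ), which shows why the two process names need to be grouped.

```python
# Constructed Windows Security 4688 (process creation) records for illustration.
# TokenElevationType: %%1936 = default token, %%1937 = elevated, %%1938 = limited.
SAMPLE_EVENTS = [
    {"EventID": 4688, "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "SubjectUserName": "alice", "TokenElevationType": "%%1937"},
    {"EventID": 4688,
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "SubjectUserName": "SYSTEM", "TokenElevationType": "%%1936"},
    {"EventID": 4688, "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "SubjectUserName": "bob", "TokenElevationType": "%%1936"},
    {"EventID": 4688, "NewProcessName": r"C:\Windows\System32\notepad.exe",
     "SubjectUserName": "alice", "TokenElevationType": "%%1937"},
    {"EventID": 4624, "NewProcessName": "", "SubjectUserName": "alice",
     "TokenElevationType": ""},
]

def _name(event):
    return event.get("NewProcessName", "").lower()

def _not_system(event):
    return event.get("SubjectUserName", "").upper() != "SYSTEM"

def _not_default_token(event):
    return event.get("TokenElevationType") != "%%1936"

def matches_grouped(event):
    """4688 AND (powershell OR cmd) AND user != SYSTEM AND token != %%1936."""
    is_shell = "powershell.exe" in _name(event) or "cmd.exe" in _name(event)
    return (event.get("EventID") == 4688 and is_shell
            and _not_system(event) and _not_default_token(event))

def matches_ungrouped(event):
    """Same terms without parentheses, AND evaluated before OR (assumed)."""
    left = event.get("EventID") == 4688 and "powershell.exe" in _name(event)
    right = ("cmd.exe" in _name(event)
             and _not_system(event) and _not_default_token(event))
    return left or right

def hits(predicate, events=SAMPLE_EVENTS):
    """Indexes of the events the predicate selects."""
    return [i for i, e in enumerate(events) if predicate(e)]

if __name__ == "__main__":
    print("grouped:  ", hits(matches_grouped))
    print("ungrouped:", hits(matches_ungrouped))
```

With the terms ungrouped, the SYSTEM-owned PowerShell launch is also returned because the user and token conditions attach only to the `cmd.exe` branch.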
