CVE-2023-36049

7.6 HIGH

📋 TL;DR

This vulnerability allows attackers to elevate privileges on systems running affected .NET, .NET Framework, and Visual Studio versions. An authenticated attacker could exploit this to gain higher privileges than intended, potentially compromising the entire system. Organizations using these Microsoft products should prioritize patching.

💻 Affected Systems

Products:
  • .NET
  • .NET Framework
  • Visual Studio
Versions: Specific affected versions detailed in Microsoft advisory; generally recent versions prior to November 2023 patches.
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have initial access to the system; exploitation depends on specific .NET component usage patterns.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with administrative privileges, allowing installation of malware, data theft, or lateral movement across the network.

🟠 Likely Case: Local privilege escalation allowing attackers to bypass security controls, access sensitive data, or maintain persistence on compromised systems.

🟢 If Mitigated: Limited impact with proper network segmentation, least privilege principles, and endpoint protection in place.

🌐 Internet-Facing: MEDIUM - While primarily a local privilege escalation, internet-facing systems could be compromised through other initial access vectors.
🏢 Internal Only: HIGH - Internal systems with affected .NET components are vulnerable to authenticated attackers moving laterally within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access; exploitation details had not been publicly disclosed at the time of writing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: November 2023 security updates for .NET, .NET Framework, and Visual Studio

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36049

Restart Required: Yes

Instructions:

1. Apply November 2023 security updates from Windows Update or Microsoft Update Catalog.
2. For .NET Core/.NET 5+, update to patched versions.
3. Restart affected systems after patching.

🔧 Temporary Workarounds

Restrict User Privileges (Windows)

Implement the least privilege principle to limit the potential impact of privilege escalation.

Network Segmentation (all platforms)

Segment networks to limit lateral movement if exploitation occurs.

🧯 If You Can't Patch

  • Implement strict access controls and monitor for suspicious privilege escalation attempts
  • Deploy endpoint detection and response (EDR) solutions to detect exploitation patterns

🔍 How to Verify

Check if Vulnerable:

Compare the installed .NET versions against Microsoft's security advisory. List them with 'wmic product get name,version' or, in PowerShell, 'Get-ChildItem "HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP" -Recurse | Get-ItemProperty -Name Version,Release -ErrorAction SilentlyContinue'

Check Version:

For .NET Framework: reg query "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full" /v Release

Verify Fix Applied:

Confirm that the November 2023 security updates are installed via Windows Update history, or check that the .NET Framework version has been updated to a patched version.
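
The checks above combined into one PowerShell inventory of .NET Framework, .NET runtimes and recent updates, as an added example that is not Microsoft's or this page's own tooling. The `$MinPatched` table and the `$Since` cutoff are assumptions to be filled in from the vendor advisory, and the helper name `ConvertFrom-RuntimeList` is hypothetical.

```powershell
# Added example (not from the advisory): inventory installed .NET components.
param(
    # Assumption: minimum patched build per release band, copied from the
    # Microsoft advisory, e.g. @{ '<major.minor>' = '<patched version>' }.
    [hashtable]$MinPatched = @{},
    # Assumption: cutoff for "installed since the November 2023 updates".
    [datetime]$Since = '2023-11-01'
)

# .NET Framework: Version and Release from every NDP subkey that has them.
$ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP'
$framework = Get-ChildItem $ndp -Recurse -ErrorAction SilentlyContinue |
    Get-ItemProperty -Name Version, Release -ErrorAction SilentlyContinue |
    Select-Object @{ n = 'Key'; e = { $_.PSChildName } }, Version, Release

# .NET Core / .NET 5+: parse "dotnet --list-runtimes" lines of the form
#   <Runtime.Name> <major.minor.patch[-prerelease]> [<install path>]
function ConvertFrom-RuntimeList {
    param([string[]]$Lines, [hashtable]$Min)
    foreach ($line in $Lines) {
        if ($line -match '^(?<name>\S+)\s+(?<ver>\d+\.\d+\.\d+)(?<pre>-\S+)?\s+\[') {
            $name = $Matches.name
            $pre  = $Matches.pre
            $ver  = [version]$Matches.ver
            $band = '{0}.{1}' -f $ver.Major, $ver.Minor
            $status = 'no baseline supplied'
            if ($Min.ContainsKey($band)) {
                $floor = [version]$Min[$band]
                # A pre-release of the floor version sorts below the release itself.
                $below = ($ver -lt $floor) -or ($pre -and $ver -eq $floor)
                $status = if ($below) { 'BELOW patched build' } else { 'at or above patched build' }
            }
            [pscustomobject]@{ Runtime = $name; Version = "$ver$pre"; Status = $status }
        }
    }
}

$runtimes = @()
if (Get-Command dotnet -ErrorAction SilentlyContinue) {
    $runtimes = @(ConvertFrom-RuntimeList -Lines (dotnet --list-runtimes) -Min $MinPatched)
}

# Updates installed since the cutoff, to compare with the KB numbers in the advisory.
$updates = Get-HotFix | Where-Object { $_.InstalledOn -ge $Since } |
    Select-Object HotFixID, Description, InstalledOn

$framework | Format-Table -AutoSize
$runtimes  | Format-Table -AutoSize
$updates   | Sort-Object InstalledOn | Format-Table -AutoSize
```

Visual Studio is not covered by this inventory; check its version against the advisory separately.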

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events in Windows Security logs (Event ID 4672, 4688)
  • Suspicious .NET process behavior or unexpected service creation

Network Indicators:

  • Unusual outbound connections from systems running .NET applications post-exploitation

SIEM Query:

(EventID=4672 OR EventID=4688) | where ProcessName contains ".NET" OR CommandLine contains "<suspicious privilege escalation pattern>"
