CVE-2023-36594

7.8 HIGH

📋 TL;DR

This Windows Graphics Component vulnerability allows an authenticated attacker to execute arbitrary code with SYSTEM privileges by exploiting improper access control. It affects Windows systems where an attacker can run a specially crafted application. The vulnerability requires local access and user interaction.

💻 Affected Systems

Products:
  • Microsoft Windows
Versions: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations of supported Windows versions. Requires the attacker to already be able to run code on the target system.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with SYSTEM privileges, enabling installation of malware, data theft, and lateral movement across the network.

🟠

Likely Case

Local privilege escalation from standard user to SYSTEM, allowing attackers to bypass security controls and maintain persistence.

🟢

If Mitigated

Limited impact due to proper patch management and endpoint protection blocking malicious applications.

🌐 Internet-Facing: LOW - Requires local access and user interaction, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Insider threats or compromised accounts could exploit this for privilege escalation within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access and user interaction. No public exploit code available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: October 2023 security updates (KB5031356 for Windows 10, KB5031354 for Windows 11)

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36594

Restart Required: Yes

Instructions:

1. Open Windows Update settings.
2. Click 'Check for updates'.
3. Install the October 2023 security updates.
4. Restart the system when prompted.

🔧 Temporary Workarounds

Restrict application execution

windows

Use AppLocker or Windows Defender Application Control to restrict execution of untrusted applications.

Enable exploit protection

windows

Enable Windows Defender Exploit Guard with recommended settings.

🧯 If You Can't Patch

  • Implement strict application whitelisting to prevent execution of untrusted code
  • Use endpoint detection and response (EDR) solutions to monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check if October 2023 security updates are installed via Windows Update history or systeminfo command.

Check Version:

Windows 10:

wmic qfe list | findstr KB5031356

Windows 11:

systeminfo | findstr KB5031354

Verify Fix Applied:

Verify KB5031356 (Win10) or KB5031354 (Win11) is installed in Installed Updates list.
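The verification steps above, as an added PowerShell example that is not part of the original advisory. It assumes the KB-to-OS mapping given on this page (KB5031356 for Windows 10, KB5031354 for Windows 11); Windows Server branches receive different KBs and are not covered.

```powershell
# Added example (not from the advisory): check whether the October 2023
# cumulative update named on this page is present on the local machine.
# Assumption: KB5031356 = Windows 10, KB5031354 = Windows 11, as stated above.
# Windows Server editions ship different KBs and are out of scope here.

function Get-ExpectedKb {
    # Windows 11 reports build 22000 or higher; Windows 10 client builds are lower.
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int](Get-ItemPropertyValue -Path $key -Name CurrentBuildNumber)
    if ($build -ge 22000) { 'KB5031354' } else { 'KB5031356' }
}

function Test-Cve202336594Patched {
    param([string]$Kb = (Get-ExpectedKb))

    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $cv  = Get-ItemProperty -Path $key
    $installed = Get-HotFix | Where-Object { $_.HotFixID -eq $Kb }

    if ($installed) {
        [pscustomobject]@{
            ExpectedKb  = $Kb
            Installed   = $true
            InstalledOn = $installed.InstalledOn
            Build       = "$($cv.CurrentBuildNumber).$($cv.UBR)"
        }
    } else {
        # Caveat: Get-HotFix only lists updates installed under their own KB
        # number. A machine that went straight to a later cumulative update is
        # also fixed but will not show this KB, so the build.UBR is reported
        # for comparison against the vendor advisory.
        [pscustomobject]@{
            ExpectedKb  = $Kb
            Installed   = $false
            InstalledOn = $null
            Build       = "$($cv.CurrentBuildNumber).$($cv.UBR)"
        }
    }
}

Test-Cve202336594Patched | Format-List
```

Run from an elevated or standard PowerShell session; `Installed = $false` together with a build newer than the October 2023 release means a later cumulative update superseded the KB rather than that the system is unpatched.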

📡 Detection & Monitoring

Log Indicators:

  • Event ID 4688 with suspicious parent processes
  • Unexpected privilege escalation events in security logs

Network Indicators:

  • Unusual outbound connections from SYSTEM context following local execution

SIEM Query:

EventID=4688 AND SubjectUserName!="SYSTEM" AND TokenElevationType="%%1936"

%%1936 is TokenElevationType 1, a full token with no privileges removed. Processes started by the SYSTEM account record the machine account (HOSTNAME$) rather than "SYSTEM" in SubjectUserName, so also exclude accounts ending in "$" to reduce noise, and adapt the field names to your SIEM's query syntax.
