CVE-2023-36603 – CVE-2023-36603 is a Windows TCP/IP stack vulner... (How to Fix)

Q: What is the severity of CVE-2023-36603?

CVE-2023-36603 has a CVSS score of 7.5 (HIGH). CVE-2023-36603 is a Windows TCP/IP stack vulnerability that allows remote attackers to cause a denial of service (system crash/BSOD) by sending specially crafted network packets. This affects Windows systems with the vulnerable TCP/IP implementation. The vulnerability requires no authentication and can be exploited remotely.

📋 TL;DR

CVE-2023-36603 is a Windows TCP/IP stack vulnerability that allows remote attackers to cause a denial of service (system crash/BSOD) by sending specially crafted network packets. This affects Windows systems with the vulnerable TCP/IP implementation. The vulnerability requires no authentication and can be exploited remotely.

💻 Affected Systems

Products:

Microsoft Windows

Versions: Windows 10, Windows 11, Windows Server 2019, Windows Server 2022

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: All systems with TCP/IP networking enabled are vulnerable by default. No special configuration required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash (Blue Screen of Death) leading to service disruption, potential data loss from unsaved work, and requiring manual reboot of affected systems.

🟠

Likely Case

Targeted systems become unresponsive or crash, causing temporary service outages until systems are rebooted, potentially affecting business operations.

🟢

If Mitigated

With proper network segmentation and firewall rules, impact is limited to isolated network segments with minimal business disruption.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation possible from any internet-connected attacker.

🏢 Internal Only: MEDIUM - Requires internal network access but still poses significant risk to critical systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Microsoft has not disclosed technical details, but CVSS indicates network-accessible attack vector with low attack complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Security updates released in June 2023 Patch Tuesday

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36603

Restart Required: Yes

Instructions:

1. Apply Windows Update from June 2023 or later. 2. Install KB5027231 for Windows 10, KB5027223 for Windows 11, or corresponding Server updates. 3. Restart system after installation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate vulnerable systems from untrusted networks using firewalls and network segmentation.

Windows Firewall Rules

windows

Restrict inbound TCP/IP traffic to only necessary ports and sources.

New-NetFirewallRule -DisplayName "Block Unnecessary TCP" -Direction Inbound -Protocol TCP -Action Block

🧯 If You Can't Patch

Implement strict network segmentation to isolate vulnerable systems
Deploy intrusion prevention systems (IPS) with TCP/IP anomaly detection

🔍 How to Verify

Check if Vulnerable:

Check if June 2023 security updates are installed via Windows Update history or systeminfo command.

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify KB5027231 (Win10), KB5027223 (Win11), or corresponding Server updates are installed and system has been restarted.

📡 Detection & Monitoring

Log Indicators:

System event logs showing unexpected system crashes (Event ID 41)
Blue screen crash dumps in C:\Windows\Minidump

Network Indicators:

Unusual TCP packet patterns targeting vulnerable systems
Multiple connection attempts to TCP ports

SIEM Query:

EventID=41 AND Source="Microsoft-Windows-Kernel-Power" AND Description contains "The system has rebooted without cleanly shutting down"

📊 Metadata

CVE ID: CVE-2023-36603

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: October 10, 2023

Last Updated: November 21, 2024

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36603 Patch,Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36603 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-36603, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 21h2 by Microsoft

Windows 11 21h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Windows Firewall Rules

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities