CVE-2023-36884

Q: What is the severity of CVE-2023-36884?

CVE-2023-36884 has a CVSS score of 7.5 (HIGH). CVE-2023-36884 is a remote code execution vulnerability in Windows Search that allows attackers to execute arbitrary code on affected systems. It affects Windows operating systems and can be exploited by sending specially crafted requests. Organizations running vulnerable Windows versions are at risk.

7.5 HIGH

Remote Code Execution

📋 TL;DR

CVE-2023-36884 is a remote code execution vulnerability in Windows Search that allows attackers to execute arbitrary code on affected systems. It affects Windows operating systems and can be exploited by sending specially crafted requests. Organizations running vulnerable Windows versions are at risk.

💻 Affected Systems

Products:

Windows Search

Versions: Windows 10, Windows 11, Windows Server 2019, Windows Server 2022

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Windows Search service runs by default on affected systems. Systems with Windows Search disabled are not vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with administrative privileges, enabling data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Attacker gains initial foothold on network, leading to lateral movement, credential harvesting, and data exfiltration.

🟢

If Mitigated

Attack contained to isolated segment with limited impact due to network segmentation and least privilege controls.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploits have been observed in the wild. Attackers can exploit this vulnerability without user interaction.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: July 2023 security updates

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884

Restart Required: Yes

Instructions:

1. Apply July 2023 Windows security updates via Windows Update. 2. For enterprise environments, deploy updates through WSUS or SCCM. 3. Restart systems after patch installation.

🔧 Temporary Workarounds

Disable Windows Search Service

windows

Temporarily disable the Windows Search service to prevent exploitation

sc config WSearch start= disabled
sc stop WSearch

Block Network Access to Windows Search

windows

Use firewall rules to block network access to Windows Search service

netsh advfirewall firewall add rule name="Block Windows Search" dir=in action=block protocol=TCP localport=445

🧯 If You Can't Patch

Implement network segmentation to isolate vulnerable systems
Apply strict firewall rules to limit access to Windows Search service

🔍 How to Verify

Check if Vulnerable:

Check if Windows Search service is running and system has not applied July 2023 security updates

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify July 2023 security updates are installed and Windows Search service version is updated

📡 Detection & Monitoring

Log Indicators:

Unusual process creation from searchindexer.exe
Suspicious network connections from Windows Search service

Network Indicators:

Unexpected traffic to/from port 445 associated with Windows Search
Anomalous SMB protocol patterns

SIEM Query:

Process Creation where Image contains "searchindexer.exe" and CommandLine contains suspicious patterns

📊 Metadata

CVE ID: CVE-2023-36884

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-362

Published: July 11, 2023

Last Updated: October 28, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884 Patch,Vendor Advisory
http://seclists.org/fulldisclosure/2023/Jul/43 Broken Link,Mailing List,Third Party Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884 Patch,Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36884 US Government Resource

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 21h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable Windows Search Service

Block Network Access to Windows Search

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities