PT-2023-3830 · Microsoft · Windows Error Reporting Service+1
Maddie Stone
+1
·
Published
2023-07-11
·
Updated
2025-01-23
·
CVE-2023-36874
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Microsoft Windows Error Reporting Service (affected versions not specified)
Description
The issue is related to an elevation-of-privilege vulnerability in the Windows Error Reporting Service, which allows attackers to affect the system. This vulnerability is associated with insecure privilege management and can be exploited to gain administrator privileges on a Windows device. There have been reports of this vulnerability being exploited in the wild. The Falcon Complete MDR team has discovered and blocked a zero-day exploit affecting Windows Error Reporting.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
LPE
Link Following
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Windows
Windows Error Reporting Service