Windows Error Reporting Service Privilege Enhancement Vulnerability (CVE-2023-36874)

Windows Error Reporting Service Privilege Enhancement Vulnerability (CVE-2023-36874)

July 17, 2023 | NSFOCUS

Overview

NSFOCUS security team recently monitored that Microsoft released a security patch, fixing the Windows Error Reporting service privilege escalation vulnerability (CVE-2023-36874). An attacker who successfully exploited this vulnerability could gain administrator privileges. Microsoft’s official security update announcement in July stated that attackers must have local access to the target computer, and users must be able to create folders and performance tracking on the computer, with the default restricted permissions of ordinary users, and marked the vulnerability as “detected exploitation”. Due to the exploitation of this vulnerability in the wild, affected users are advised to take measures as soon as possible.

Scope of Impact

Affected version:

  • Windows Server 2012 R2 (Server Core Installation)
  • Windows Server 2012 R2
  • Windows Server 2012 (Server Core Installation)
  • Windows Server 2012
  • Windows Server 2008 R2 for x64 based Systems Service Pack 1 (Server Core Installation)
  • Windows Server 2008 R2 for x64 based Systems Service Pack 1
  • Windows Server 2008 for x64 based Systems Service Pack 2 (Server Core Installation)
  • Windows Server 2008 for x64 based Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core Installation)
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2016 (Server Core Installation)
  • Windows Server 2016
  • Windows 10 Version 1607 for x64 based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 for x64 based Systems
  • Windows 10 for 32-bit Systems
  • Windows 10 Version 22H2 for 32-bit Systems
  • Windows 10 Version 22H2 for ARM64 based Systems
  • Windows 10 Version 22H2 for x64 based Systems
  • Windows 11 Version 22H2 for x64 based Systems
  • Windows 11 Version 22H2 for ARM64 based Systems
  • Windows 10 Version 21H2 for x64 based Systems
  • Windows 10 Version 21H2 for ARM64 based Systems
  • Windows 10 Version 21H2 for 32 bit Systems
  • Windows 11 version 21H2 for ARM64 based Systems
  • Windows 11 version 21H2 for x64 based Systems
  • Windows Server 2022 (Server Core Installation)
  • Windows Server 2022
  • Windows Server 2019 (Server Core Installation)
  • Windows Server 2019
  • Windows 10 Version 1809 for ARM64 based Systems
  • Windows 10 Version 1809 for x64 based Systems
  • Windows 10 Version 1809 for 32-bit Systems

Detection

The new version of NSFOCUS Unified Endpoint Security Management (UES) has the ability to detect this vulnerability:

Mitigation

At present, Microsoft has officially released a security patch to fix the above vulnerabilities for supported product versions. We strongly recommend that affected users install the patch as soon as possible for protection. The official download link is:

https://msrc.microsoft.com/update-guide/releaseNote/2023-Jul

Note: Due to network issues, computer environment issues, and other reasons, patch updates for Windows Update may fail. After installing the patch, users should promptly check whether the patch has been successfully updated.

Right click on the Windows icon, select “Settings”, select “Updates and Security” – “Windows Update” to view the prompts on this page, or click “View Update History” to view the historical update status.

For updates that have not been successfully installed, you can click on the update name to go to the Microsoft official download page. It is recommended that users click on the link on this page and go to the “Microsoft Update Directory” website to download and install the independent package.

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.