Microsoft has addressed a critical remote code execution vulnerability in Windows that could allow attackers to take complete control of affected systems without authentication.
Microsoft has released security updates to address a critical vulnerability in its Windows operating system. The flaw, tracked as CVE-2023-36874, could allow attackers to execute arbitrary code with elevated privileges on vulnerable systems.
The vulnerability exists in the Windows Common Log File System Driver (clfs.sys). An attacker who successfully exploited this vulnerability could gain the same user rights as the Local System account. This could allow the attacker to install programs, view, change, or delete data, or create new accounts with full user rights.
Affected Products:
- Windows 10 Version 1607
- Windows 10 Version 1809
- Windows 10 Version 1909
- Windows 10 Version 2004
- Windows 10 Version 20H2
- Windows 10 Version 21H2
- Windows 10 Version 22H2
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
- Windows 11 Version 21H2
- Windows 11 Version 22H2
The vulnerability carries a CVSS score of 8.8 (High severity) for the authentication-required variant and 9.8 (Critical severity) for the authentication-not-required variant.
Microsoft has confirmed that this vulnerability is under active exploitation in the wild. Attackers are targeting this vulnerability through specially crafted applications that exploit the flaw in the Windows Common Log File System Driver.
Mitigation Steps:
- Apply the security updates immediately as released in Microsoft's June 2023 Security Update
- Systems that cannot be patched should be isolated from untrusted networks
- Implement application whitelisting to restrict execution of unauthorized applications
- Enable Windows Defender Exploit Guard to help protect against exploitation attempts
- Monitor for unusual system activity, especially related to clfs.sys processes
Timeline:
- Vulnerability discovered: April 2023
- Microsoft notified: May 2023
- Patch released: June 13, 2023
- Active exploitation detected: June 2023
For detailed information on the vulnerability, refer to the Microsoft Security Advisory CVE-2023-36874.
Organizations should prioritize deployment of this security update across their Windows infrastructure. The update can be deployed through Windows Server Update Services (WSUS), Microsoft Endpoint Configuration Manager, or by manually installing the updates from the Microsoft Update Catalog.
Additional guidance on implementing these security updates can be found in Microsoft's Security Update Guide.
Comments
Please log in or register to join the discussion