Microsoft addresses critical Windows privilege escalation vulnerability under active exploitation. Patch immediately.
Microsoft has released emergency security updates for a critical privilege escalation vulnerability affecting all supported versions of Windows. The vulnerability, tracked as CVE-2023-36884, has a CVSS score of 7.8 and is being actively exploited in limited attacks.
Affected products include:
- Windows 10 (version 1809 and later)
- Windows 11 (all versions)
- Windows Server 2008 and later
- Windows Server 2022
- Windows Server 2019
- Windows Server 2016
The vulnerability exists in the Windows Common Log File System Driver (clfs.sys) and could allow an attacker to execute arbitrary code with elevated privileges. Authentication is required for exploitation, but the attack complexity is low.
Microsoft released out-of-band security updates on July 11, 2023, outside the regular Patch Tuesday cycle. Organizations should apply these updates immediately.
Mitigation steps:
- Install the security updates from the Microsoft Security Update Guide
- For systems that cannot be patched immediately, implement the registry workaround detailed in Security Advisory ADV230002
- Enable Windows Defender Antivirus with real-time protection
- Restrict local administrator privileges
The Microsoft Security Response Center (MSRC) has confirmed targeted exploitation of this vulnerability by sophisticated threat actors. Government agencies and critical infrastructure operators should prioritize patching.
The vulnerability was discovered by security researchers at Trellix who reported it to Microsoft through the coordinated vulnerability disclosure process.
Organizations can verify whether their systems are vulnerable by checking the Microsoft Security Baseline tools.
Microsoft recommends testing updates in a staging environment before deployment to business systems. The updates may require system restarts.
For additional information about this vulnerability and related threats, consult the MSRC blog and CISA Alert AA23-181A.