all InfoSec news
Micropatches Released For Windows Error Reporting Service Elevation of Privilege (CVE-2023-36874)
Malware Analysis, News and Indicators - Latest topics malware.news
With July 2023 Windows Updates, Microsoft brought a fix for CVE-2023-36874, a local privilege escalation vulnerability in Windows Error Reporting Service that was found both by Google TAG and CrowdStrike to be exploited in the wild in the previous month.
When security researcher Filip Dragovic released a proof of concept for this issue, we could reproduce it and start working on a patch.
The Vulnerability
In short, the Windows Error Reporting Service has a number of functions exposed via …
concept crowdstrike cve cve-2023-36874 elevation of privilege error escalation exploited fix found google google tag july july 2023 local local privilege escalation microsoft privilege privilege escalation proof reporting researcher security security researcher service tag updates vulnerability windows windows updates