all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Micropatches Released For Windows Error Reporting Service Elevation of Privilege (CVE-2023-36874)

Add to bookmarks
Sept. 13, 2023, 3:40 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

  

With July 2023 Windows Updates, Microsoft brought a fix for CVE-2023-36874, a local privilege escalation vulnerability in Windows Error Reporting Service that was found both by Google TAG and CrowdStrike to be exploited in the wild in the previous month.

When security researcher Filip Dragovic released a proof of concept for this issue, we could reproduce it and start working on a patch.


The Vulnerability

In short, the Windows Error Reporting Service has a number of functions exposed via …

concept crowdstrike cve cve-2023-36874 elevation of privilege error escalation exploited fix found google google tag july july 2023 local local privilege escalation microsoft privilege privilege escalation proof reporting researcher security security researcher service tag updates vulnerability windows windows updates

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps an hour ago | malware.news
android android apps application applications +24
Microsoft named overall leader in KuppingerCole Leadership Compass for ITDR an hour ago | malware.news
article blog community compass +11
Release Notes: YARA Search, New Rules, Config Extractors, and More 2 hours ago | malware.news
any.run april config data +22
2023 Activities Summary of SectorJ groups (KOR) 3 hours ago | malware.news
ransomware
ISC Stormcast For Thursday, May 2nd, 2024 https://isc.sans.edu/podcastdetail/8964, (Thu, May 2nd) 5 hours ago | malware.news
topic
Verizon’s 2024 Data Breach Investigations Report: 5 key takeaways 7 hours ago | malware.news
ai threats article breach data +16
Analysis of TargetCompany’s Attacks Against MS-SQL Servers (Mallox, BlueSky Ransomware) 7 hours ago | malware.news
ahnlab analysis asec attacks +21
4 Easy Ways to Find Free Wi-Fi Anywhere You Go 8 hours ago | malware.news
can challenge coffee easy +10
AI's Offensive & Defensive Impacts 9 hours ago | malware.news
alto blog cybersecurity defensive +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Application Security Engineer - Remote Friendly

@ Unit21 | San Francisco,CA; New York City; Remote USA;
View on infosec-jobs.com

Cloud Security Specialist

@ AppsFlyer | Herzliya
View on infosec-jobs.com

Malware Analysis Engineer - Canberra, Australia

@ Apple | Canberra, Australian Capital Territory, Australia
View on infosec-jobs.com

Product CISO

@ Fortinet | Sunnyvale, CA, United States
View on infosec-jobs.com

Manager, Security Engineering

@ Thrive | United States - Remote
View on infosec-jobs.com
View more jobs