Actively exploited in the wild
Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability
Microsoft — Windows · Listed in the CISA KEV since 2023-07-11. This indicates confirmed attacks in production environments.
Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
CVE-2023-36874
High · CVSS 7.8 · KEV
Exploitation Probability (EPSS): Very high risk · 98th percentile — higher than 98% of all known CVEs
Summary
A vulnerability in the Windows Error Reporting Service allows for privilege escalation. An attacker can exploit this flaw to gain elevated privileges on the system.
Risk Assessment
Exploitation of this vulnerability could lead to unauthorized access to the system and potential takeover. Organizations should be aware of the risks associated with unauthorized privilege escalation.
Recommendation
Update Windows to the latest version to patch this vulnerability. Additionally, monitoring and restricting access to the Windows Error Reporting Service may help mitigate the risk.
Original NVD description (English source)
Windows Error Reporting Service Elevation of Privilege Vulnerability

