CVE Catalog

Actively exploited in the wild

Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability

Microsoft — Windows · Listed in the CISA KEV since 2023-07-11. This indicates confirmed attacks in production environments.

Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

CVE-2023-36874

High · CVSS 7.8 · KEV

Exploitation Probability (EPSS)

Very high risk
32.31%

98th percentile — higher than 98% of all known CVEs

Summary

A vulnerability in the Windows Error Reporting Service allows for privilege escalation. An attacker can exploit this flaw to gain elevated privileges on the system.

Risk Assessment

Exploitation of this vulnerability could lead to unauthorized access to the system and potential takeover. Organizations should be aware of the risks associated with unauthorized privilege escalation.

Recommendation

It is recommended to update Windows to the latest version to patch this vulnerability. Additionally, monitoring and restricting access to the error reporting service may help mitigate the risk.

Original NVD description (English source)

Windows Error Reporting Service Elevation of Privilege Vulnerability

Vulnerability data from NVD (NIST) · CISA KEV · EPSS