Zero-Day Windows Error Reporting Service Vulnerability Exploited: PoC Code Released

August 21, 2023

The zero-day vulnerability CVE-2023-36874, which has a CVSS score of 7.8, affects the Windows Error Reporting Service (WER), a component that collects and sends error reports to Microsoft. The flaw arises from the way WER handles specially crafted requests.

An attacker can exploit this vulnerability by creating a malicious program designed to leverage the flaw. When that program is executed, the attacker could gain elevated privileges on the system. The flaw was discovered by Vlad Stolyarov and Maddie Stone of Google's Threat Analysis Group (TAG).

CVE-2023-36874 is an actively exploited zero-day, meaning it was being exploited before a fix was released, or in some cases before it was publicly disclosed. Such vulnerabilities are attractive to cybercriminals because they provide a window of opportunity before patches are deployed.

However, exploiting this vulnerability is not as simple as it may seem. According to Microsoft's advisories, an attacker must have local access to the targeted machine and must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default. Despite this, given the global usage of Windows, even a minor vulnerability can expose millions of devices to risk.

A security researcher known as d0rb alerted Windows users that he had created a proof-of-concept (PoC) exploit for CVE-2023-36874. Microsoft patched the vulnerability in its July 2023 Patch Tuesday update, providing users with protection against potential exploits. It is crucial for businesses and individual users to keep their systems updated to avoid falling victim to such threats.
