Windows Privilege Escalation Flaw (CVE-2023-36424): Exploit Code Released, Patch Urgently Needed

A security researcher has published details and proof-of-concept (PoC) code for CVE-2023-36424, a Windows vulnerability that could be exploited to elevate privileges from Medium Integrity Level to High Integrity Level. With a CVSS score of 7.8, this flaw could allow attackers to gain SYSTEM-level access on a compromised machine.

The Flaw and Its Implications

Microsoft patched the vulnerability in November 2023, but the release of PoC code by security researcher Nassim-Asrir has brought new urgency to the situation. The PoC demonstrates how a malicious actor could exploit this bug to elevate privileges from Medium Integrity Level to High Integrity Level, potentially granting them full control over a targeted system.

Root Cause

According to Asrir, the vulnerability arises from how Windows handles data from NTFS reparse points. A specific function, NtAlpcCreateResourceReserve, allegedly does not fully validate incoming data. This oversight can be leveraged to inject malicious code at a higher privilege level, essentially bypassing a crucial security barrier.

The Risk is Real

While patched systems are protected, any machines running outdated versions of Windows remain at significant risk. Successful exploitation of CVE-2023-36424 could enable a wide range of malicious activities, including:

  • Installation of malware and ransomware
  • Data theft or exfiltration
  • System disruption or destruction

Protect Yourself – Patch Now

If you haven’t already applied the relevant Microsoft Patch Tuesday update from November 2023, do so immediately. Organizations should prioritize swift patching, especially for internet-facing systems or those holding critical data.