A security researcher has published details and proof-of-concept code for a Windows CVE-2023-36424 vulnerability that could be exploited to elevate privileges from a Medium Integrity Level to a High Integrity Level.
The vulnerability is assigned a CVSS score of 7.8, this flaw could allow attackers to gain SYSTEM-level access on a compromised machine.
Microsoft patched the vulnerability in November 2023 but the release of proof-of-concept code by security researcher Nassim-Asrir has brought new urgency to the situation. The PoC demonstrates how a malicious actor could exploit this bug to elevate privileges from Medium Integrity Level to High Integrity Level, potentially granting them full control over a targeted system.
The vulnerability arises from how Windows handles data from NTFS reparse points. A specific function, NtAlpcCreateResourceReserve, is alleged to not fully validate incoming data. This oversight can be leveraged to inject malicious code at a higher privilege level, essentially bypassing a crucial security barrier.
Any machines running outdated versions of Windows remain at significant risk. Successful exploitation of CVE-2023-36424 could enable a wide range of malicious activities.
If you haven’t already applied the relevant Microsoft Patch Tuesday update from November 2023, do so immediately. Organizations should prioritize swift patching, especially for internet-facing systems or those holding critical data.
