COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2023-36424

CVE-2023-36424

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-04-13
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-36424
⌖ exploited in the wild shame 45/100 exploited-in-wildunpatched

Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability enabling privilege escalation.

This unpatched CVE-2023-36424 allows privilege escalation in Windows, posing a critical risk to DIB organizations relying on Microsoft infrastructure. Immediate patching is required to prevent unauthorized access to sensitive systems.

Shame score — A known vulnerability in a widely used OS component that has been actively exploited but is not directly linked to ransomware.

Players implicated

Microsoft · vendorwindows · product

Description

Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation

Affected FedRAMP products 4 in the catalog

ProductProviderStatusMatch
Azure Commercial Cloud Microsoft Authorized vendor-exact · 0.90
Azure Government (includes Dynamics 365) Microsoft Authorized vendor-exact · 0.90
Microsoft Office 365 GCC High Microsoft In Process vendor-exact · 0.90
Office 365 Multi-Tenant & Supporting Services Microsoft Authorized vendor-exact · 0.90