CVE-2023-36003: 
vulnerability analysis and mitigation

CVE-2023-36003 is a Windows XAML Diagnostics Elevation of Privilege Vulnerability that was reported to Microsoft in July 2023 and patched in December 2023. The vulnerability affects multiple Windows versions, including Windows 10 and Windows 11 builds, as well as Windows Server 2016, 2019, and 2022 (NVD).

The vulnerability exists in the InitializeXamlDiagnosticsEx API, which was introduced in Windows 10 1703 for diagnostic purposes of XAML-based applications. The flaw stems from insufficient security checks within the API, allowing non-elevated processes to inject DLLs into supported processes. The vulnerability has been assigned a CVSS v3.1 base score of 7.3 (High) by NIST and 6.7 (Medium) by Microsoft, with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H (NVD).

The vulnerability enables a regular user to potentially gain SYSTEM privileges by targeting elevated processes such as Task Manager in Windows 11 22H2 or Windows Terminal. Additionally, it can be exploited to bypass User Interface Privilege Isolation (UIPI) by targeting UIAccess processes without requiring User Account Control (UAC) interference (Security Online).

Microsoft has addressed this vulnerability in their December 2023 security updates. Users and administrators are strongly advised to apply the latest security patches to affected systems to prevent potential exploitation (Microsoft Advisory).