CVE-2023-36047: 
vulnerability analysis and mitigation

Windows Authentication Elevation of Privilege Vulnerability (CVE-2023-36047) was disclosed on November 14, 2023. This vulnerability affects multiple versions of Microsoft Windows, including Windows 10, Windows 11, and Windows Server editions. The vulnerability was initially discovered and reported to Microsoft, who assigned it a high severity CVSS base score of 7.8 (Microsoft MSRC).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction. The vulnerability is classified under CWE-59 (Improper Link Resolution Before File Access) (NVD).

If successfully exploited, this vulnerability could allow an attacker to gain elevated privileges on affected systems. The impact metrics indicate high potential for compromise in confidentiality, integrity, and availability of the affected systems (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB updates including KB5032196 for Windows 10 1809, KB5032189 for Windows 10 21H2/22H2, KB5032190 for Windows 11 22H2/23H2, KB5032192 for Windows 11 21H2, and KB5032198/KB5032202 for Windows Server 2022 (Rapid7).