CVE-2023-36391: 
vulnerability analysis and mitigation

Local Security Authority Subsystem Service (LSASS) Elevation of Privilege Vulnerability, identified as CVE-2023-36391, was discovered and disclosed on December 12, 2023. This vulnerability affects Windows 11 Version 23H2 systems, including both ARM64-based and x64-based architectures. The vulnerability stems from an error in file path validation within the LSASS service (Fortiguard Labs).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH), with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction. The vulnerability is associated with CWE-59 (Improper Link Resolution Before File Access) (NVD).

Successful exploitation of this vulnerability could result in elevation of privilege within the context of the vulnerable system. An attacker who successfully exploits this vulnerability could gain higher privileges on the affected system, potentially leading to complete system compromise with high impacts on confidentiality, integrity, and availability (Fortiguard Labs).

Microsoft has released security updates to address this vulnerability. Users are strongly recommended to apply the most recent upgrade or patch available through the Microsoft Update system (Fortiguard Labs).