CVE-2023-36404: 
vulnerability analysis and mitigation

CVE-2023-36404 is a Windows Kernel Information Disclosure Vulnerability that was initially disclosed on November 14, 2023. This vulnerability affects multiple versions of Microsoft Windows, including Windows 10, Windows 11, and Windows Server editions (Microsoft Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction. The vulnerability can lead to high confidentiality impact but has no impact on integrity or availability (NVD).

The vulnerability allows an attacker to obtain unauthorized disclosure of information from the Windows Kernel. The high confidentiality impact rating suggests that the vulnerability could lead to significant information disclosure (Microsoft Advisory).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB updates including KB5032189, KB5032190, KB5032192, KB5032196, KB5032197, KB5032198, and KB5032202 for different versions of Windows (Rapid7).