CVE-2023-36605: 
vulnerability analysis and mitigation

Windows Named Pipe Filesystem Elevation of Privilege Vulnerability (CVE-2023-36605) was disclosed on October 10, 2023. This vulnerability affects multiple versions of Microsoft Windows, including Windows 10, Windows 11, Windows Server 2019, and Windows Server 2022 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) by NIST with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Microsoft has classified this as a Use After Free (CWE-416) vulnerability. The vulnerability requires local access and low privileges to exploit, but no user interaction is needed (NVD).

If successfully exploited, this vulnerability could allow an attacker to gain elevated privileges on affected systems. The vulnerability affects confidentiality, integrity, and availability, all rated as High in the CVSS scoring (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB updates including KB5031361 for Windows 10 1809, KB5031356 for Windows 10 21H2/22H2, KB5031358 for Windows 11 21H2, KB5031354 for Windows 11 22H2, and KB5031364 for Windows Server 2022 (Rapid7).