CVE-2023-36698: 
vulnerability analysis and mitigation

Windows Kernel Security Feature Bypass Vulnerability (CVE-2023-36698) was identified and disclosed in 2023. The vulnerability affects multiple versions of Microsoft Windows operating systems including Windows 10 (versions 1809, 21H2, 22H2), Windows 11 (versions 21H2, 22H2), and Windows Server (2019 and 2022) (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 4.4 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L. It has been classified as CWE-362, which indicates a Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) vulnerability (NVD).

The vulnerability can lead to security feature bypass in the Windows Kernel, potentially allowing an attacker with local access to bypass certain security features, resulting in limited impact on integrity and availability of the system (MSRC).

Microsoft has released security updates to address this vulnerability across affected versions. Updates are available through KB5031361 (Windows 10 1809, Server 2019), KB5031356 (Windows 10 21H2, 22H2), KB5031358 (Windows 11 21H2), KB5031354 (Windows 11 22H2), and KB5031364 (Windows Server 2022) (Rapid7).