CVE-2023-36722: 
vulnerability analysis and mitigation

Active Directory Domain Services Information Disclosure Vulnerability (CVE-2023-36722) was disclosed in October 2023. The vulnerability affects Microsoft Windows systems running Active Directory Domain Services. Microsoft has assigned it a CVSS base score of 4.4 (Medium) with a vector string of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N (Microsoft MSRC).

The vulnerability is classified as an Information Disclosure issue with a CVSS score of 4.4 (Medium). It requires high privileges and high attack complexity for exploitation, but no user interaction. The attack vector is network-based, and while it can result in high confidentiality impact, it does not affect integrity or availability (Microsoft MSRC).

If successfully exploited, the vulnerability could allow an attacker to access sensitive information within Active Directory Domain Services. The impact is limited to information disclosure, with no ability to modify data or affect system availability (Microsoft MSRC).

Microsoft has released security updates to address this vulnerability as part of the October 2023 Patch Tuesday updates. Users are advised to apply the security updates to affected systems (Bleeping Computer).