CVE-2023-36804: 
vulnerability analysis and mitigation

Windows GDI Elevation of Privilege Vulnerability, identified as CVE-2023-36804, was discovered and reported to Microsoft on August 3, 2023. The vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and various Windows Server editions (ZDI Advisory).

The vulnerability exists within the win32kfull driver, specifically in the UMPDDrvCopyBits functionality. The issue stems from the lack of proper object validation before performing operations, resulting in a Use-After-Free condition. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H by Microsoft, while ZDI assessed it with a CVSS score of 8.8 (Microsoft MSRC, ZDI Advisory).

If successfully exploited, this vulnerability allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM, effectively gaining complete control over the affected system. The attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability (ZDI Advisory).

Microsoft has released security updates to address this vulnerability. Users are advised to apply the appropriate patches for their affected systems. The fix was released as part of Microsoft's security updates (Microsoft MSRC).