CVE-2023-36874: 
vulnerability analysis and mitigation

Windows Error Reporting Service Elevation of Privilege Vulnerability (CVE-2023-36874) was discovered in July 2023. This vulnerability affects the Windows Error Reporting (WER) component across multiple Windows versions, including Windows 10, Windows 11, and various Windows Server editions. The vulnerability was independently discovered by both the Google Threat Analysis Group and CrowdStrike's Falcon Complete team (CrowdStrike Blog).

The vulnerability exists in the Windows Error Reporting service's handling of COM interfaces. The core issue lies in the CreateProcess API running under impersonation, which follows file system redirection set up by an attacker but uses the calling process security token instead of the impersonated token. This allows an attacker-controlled executable to run with SYSTEM privileges. The vulnerability has received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

When successfully exploited, this vulnerability allows an attacker to elevate privileges to SYSTEM level, potentially gaining complete control over the affected system. The exploit can be used to spawn a privileged interpreter, either the traditional command interpreter cmd.exe or powershell_ise.exe, in the interactive session (CrowdStrike Blog).

Microsoft has released security updates to address this vulnerability. Organizations are advised to apply the relevant patches immediately. The vulnerability affects multiple Windows versions, and specific updates are available for each affected version through Microsoft's update system (NVD).