Proof-of-concept (PoC) exploit code will be released for a zero-day vulnerability (CVE-2023-36874) allowing privilege escalation in Microsoft Windows.
The vulnerability (CVSS score of 7.8) affects the Windows Error Reporting Service (WER), a component that collects and sends error reports to Microsoft. The vulnerability exists due to a flaw in how WER handles specially crafted requests. An attacker could exploit this vulnerability by creating a malicious program that is designed to take advantage of the flaw. Once the malicious program is executed, the attacker could gain elevated privileges on the system. Microsoft says that the flaw was discovered by Vlad Stolyarov and Maddie Stone of Googles Threat Analysis Group (TAG). CVE-2023-36874 - PoC for 0-day Windows Error Reporting Service bug
so.cl
CVE-2023-36874 - PoC for 0-day Windows Error Reporting Service bug
Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer
CVE-2023-36874 - PoC for 0-day Windows Error Reporting Service bug
Nickname: