CVE-2023-36036
HIGH KEVWindows Cloud Files Mini Filter Driver - Privilege Escalation
Title source: llmExploitation Summary
CVE-2023-36036 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 14, 2023.
Description
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
References (2)
Core 2
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36036
Patch, Vendor Advisory vendor-advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36036
Scores
CVSS v3
7.8
EPSS
0.0184
EPSS Percentile
83.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2023-11-14
VulnCheck KEV
2023-11-14
InTheWild.io
2023-11-14
ENISA EUVD
EUVD-2023-40020
CWE
CWE-122
CWE-787
Status
published
Products (15)
microsoft/windows_10_1507
< 10.0.10240.20308 (2 CPE variants)
microsoft/windows_10_1607
< 10.0.14393.6452 (2 CPE variants)
microsoft/windows_10_1809
< 10.0.17763.5122 (3 CPE variants)
microsoft/windows_10_21h2
< 10.0.19041.3693 (3 CPE variants)
microsoft/windows_10_22h2
< 10.0.19045.3693 (3 CPE variants)
microsoft/windows_11_21h2
< 10.0.22000.2600 (2 CPE variants)
microsoft/windows_11_22h2
< 10.0.22621.2715 (2 CPE variants)
microsoft/windows_11_23h2
< 10.0.22621.2715 (2 CPE variants)
microsoft/windows_server_2008
(2 CPE variants)
microsoft/windows_server_2008
r2 sp1
... and 5 more
Published
Nov 14, 2023
KEV Added
Nov 14, 2023
Tracked Since
Feb 18, 2026