CVE-2023-36028: CWE-122: Heap-based Buffer Overflow in Microsoft Windows 10 Version 1809
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
AI Analysis
Technical Summary
CVE-2023-36028 is a heap-based buffer overflow vulnerability (CWE-122) identified in the Microsoft Protected Extensible Authentication Protocol (PEAP) implementation on Windows 10 Version 1809 (build 10.0.17763.0). PEAP is widely used for secure network authentication, encapsulating EAP within a TLS tunnel to protect credentials. This vulnerability arises from improper handling of input data within the PEAP processing code, leading to a heap buffer overflow condition. An attacker can exploit this remotely over the network without requiring any prior authentication or user interaction, making it highly dangerous. Successful exploitation allows remote code execution (RCE) with system-level privileges, enabling full control over the affected machine. The CVSS v3.1 base score is 9.8, reflecting the critical nature of the flaw, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact covers confidentiality, integrity, and availability (C:H/I:H/A:H). Although no exploits have been reported in the wild yet, the vulnerability was publicly disclosed in November 2023, and the absence of patches at the time of this report increases risk. The vulnerability affects Windows 10 Version 1809, which remains in use in many enterprise environments, particularly where legacy systems persist. The lack of patch links suggests that a fix may be forthcoming or pending deployment. This vulnerability demands urgent attention due to its ease of exploitation and potential for widespread damage.
Potential Impact
For European organizations, the impact of CVE-2023-36028 is significant. Many enterprises and public sector entities still operate Windows 10 Version 1809, especially in environments with strict change control or legacy application dependencies. Exploitation could lead to full system compromise, data breaches, ransomware deployment, and disruption of critical services. Since PEAP is commonly used for Wi-Fi and VPN authentication, attackers could leverage this vulnerability to gain unauthorized network access, escalate privileges, and move laterally within corporate networks. Confidentiality of sensitive data is at high risk, as is the integrity of systems and availability of services. The potential for remote code execution without authentication or user interaction makes this vulnerability a prime target for attackers aiming to infiltrate European organizations’ IT infrastructure. The lack of known exploits in the wild currently provides a window for proactive mitigation, but the critical severity score underscores the urgency of patching and network defense enhancements.
Mitigation Recommendations
1. Monitor Microsoft security advisories closely and apply official patches for Windows 10 Version 1809 as soon as they are released.
2. Until patches are available, implement network-level controls such as firewall rules to restrict access to authentication servers using PEAP, limiting exposure to untrusted networks.
3. Employ network segmentation to isolate critical systems and authentication infrastructure from general user networks.
4. Use intrusion detection and prevention systems (IDS/IPS) with updated signatures to detect anomalous PEAP traffic or exploitation attempts.
5. Enforce strict access controls and multi-factor authentication (MFA) on network access points to reduce the risk of lateral movement post-exploitation.
6. Conduct a thorough inventory and audit of devices running Windows 10 Version 1809 to prioritize patching and mitigation efforts.
7. Educate IT staff on the vulnerability specifics and encourage rapid incident response readiness.
8. Consider temporarily disabling or restricting PEAP usage if alternative secure authentication methods are available and feasible.
9. Regularly back up critical data and verify restore procedures to mitigate ransomware or destructive attack impacts stemming from exploitation.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2023-06-20T20:44:39.825Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d983bc4522896dcbee474
Added to database: 5/21/2025, 9:09:15 AM
Last enriched: 10/9/2025, 12:19:48 AM
Last updated: 12/2/2025, 5:38:49 AM