CVE-2023-36046 is a vulnerability classified under CWE-59, which pertains to improper link resolution before file access, commonly known as 'link following.' This vulnerability affects Microsoft Windows 11 version 21H2 (build 10.0.0). The flaw arises because the operating system incorrectly handles symbolic links or reparse points during file access operations related to authentication processes. An authenticated local attacker with limited privileges can exploit this weakness to cause a denial of service (DoS) in the Windows Authentication subsystem. Specifically, by manipulating symbolic links or file paths, the attacker can disrupt the normal authentication flow, leading to failures in user authentication or system logins. The vulnerability does not impact confidentiality but severely affects integrity and availability of authentication services. The CVSS v3.1 base score is 7.1, reflecting high severity due to the ease of exploitation by a local authenticated user without requiring user interaction and the significant impact on system availability and integrity. No public exploits or active exploitation in the wild have been reported as of the publication date (November 14, 2023). The vulnerability was reserved on June 20, 2023, and is recognized by CISA as enriched data, indicating its importance. Since no patch links are currently provided, mitigation relies on limiting local user privileges and monitoring authentication systems until official patches are released by Microsoft.

For European organizations, this vulnerability poses a significant risk to the availability and integrity of authentication services on Windows 11 version 21H2 systems. Disruption of authentication can lead to denial of service conditions, preventing legitimate users from accessing critical systems and services. This can affect business continuity, especially in sectors relying heavily on Windows-based infrastructure such as finance, healthcare, government, and critical infrastructure. The inability to authenticate users may also increase operational costs and reduce productivity. Although confidentiality is not directly impacted, the loss of authentication integrity can indirectly expose organizations to further risks, such as unauthorized access attempts during recovery or fallback procedures. The impact is heightened in environments where local user accounts have elevated privileges or where multi-factor authentication is not enforced. European organizations with large deployments of Windows 11 21H2, particularly those with complex authentication environments, should consider this vulnerability a high priority for remediation.

1. Immediately restrict local user privileges on Windows 11 version 21H2 systems to the minimum necessary, preventing untrusted users from having authenticated local access. 2. Implement strict access control policies to limit the creation and manipulation of symbolic links or reparse points by non-administrative users. 3. Monitor authentication logs and system event logs for unusual failures or anomalies that could indicate exploitation attempts. 4. Deploy application whitelisting and endpoint detection and response (EDR) solutions to detect suspicious local activities involving file system link manipulations. 5. Prepare for rapid deployment of Microsoft patches once released by maintaining an up-to-date inventory of affected systems. 6. Consider network segmentation to isolate critical authentication servers and reduce the attack surface. 7. Enforce multi-factor authentication (MFA) to mitigate the impact of authentication disruptions. 8. Educate IT staff about the nature of CWE-59 vulnerabilities and the importance of controlling symbolic link usage in the environment.