CVE-2023-36398 is a vulnerability identified in Microsoft Windows 10 Version 1809, specifically related to the NTFS file system driver. The root cause is the use of an uninitialized resource, classified under CWE-908, which can lead to information disclosure. This vulnerability allows an attacker with low-level privileges (PR:L) and local access (AV:L) to read sensitive information from memory or system resources that should otherwise be protected. The vulnerability does not require user interaction (UI:N) and has a scope change (S:C), meaning it can affect resources beyond the initially compromised component. The CVSS 3.1 base score is 6.5, indicating a medium severity level, with a high impact on confidentiality (C:H) but no impact on integrity (I:N) or availability (A:N). The attack complexity is low (AC:L), and privileges required are low (PR:L), making exploitation feasible in environments where attackers have some local access. No known exploits have been observed in the wild, and Microsoft has not yet published a patch or mitigation guidance. The vulnerability could be leveraged to disclose sensitive information stored or processed by the NTFS file system, potentially exposing user data or system information critical for further attacks.

For European organizations, the primary impact is unauthorized disclosure of sensitive data, which could include personal information, intellectual property, or system configuration details. This breach of confidentiality could lead to compliance violations under GDPR and other data protection regulations, resulting in legal and financial consequences. Organizations in sectors such as finance, healthcare, government, and critical infrastructure are particularly at risk due to the sensitivity of their data. Since the vulnerability requires local access with low privileges, insider threats or attackers who gain initial footholds via other means could escalate their information gathering capabilities. The lack of impact on integrity and availability means the threat is less likely to cause direct operational disruption but can facilitate further attacks or espionage. Legacy systems running Windows 10 Version 1809, which is out of mainstream support, are more vulnerable due to the absence of patches and mitigations, increasing the risk profile for organizations that have not upgraded.

European organizations should prioritize upgrading affected systems from Windows 10 Version 1809 to a supported and patched Windows version to eliminate exposure. Until upgrades are possible, organizations should enforce strict local access controls, limiting user privileges and monitoring for unauthorized access attempts. Implementing endpoint detection and response (EDR) solutions can help identify suspicious activities indicative of exploitation attempts. Network segmentation and the principle of least privilege should be applied to reduce the attack surface. Regular audits of installed Windows versions and patch levels will help identify vulnerable systems. Organizations should stay alert for official Microsoft patches or security advisories related to this CVE and apply them promptly once available. Additionally, educating users and administrators about the risks of local privilege misuse and enforcing strong authentication mechanisms can reduce exploitation likelihood.