
CVE-2023-36404: CWE-284: Improper Access Control in Microsoft Windows 10 Version 1809

Severity: Medium
Tags: Vulnerability, CVE-2023-36404, cve, cwe-284
Published: Tue Nov 14 2023 (11/14/2023, 17:57:20 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Windows Kernel Information Disclosure Vulnerability

AI-Powered Analysis

Last updated: 06/25/2025, 04:05:15 UTC

Technical Analysis

CVE-2023-36404 is a medium-severity vulnerability affecting Microsoft Windows 10 Version 1809 (build 10.0.17763.0). It is classified under CWE-284 (Improper Access Control). Specifically, it is an information disclosure flaw in the Windows kernel that allows an attacker who already holds low local privileges to read kernel information they are not authorized to access. Exploitation requires no user interaction and has low attack complexity, but it does require the attacker to hold local privileges (PR:L). The CVSS 3.1 base score is 5.5, reflecting moderate overall severity driven by a high confidentiality impact (C:H), with no impact on integrity or availability. The scope is unchanged (S:U), meaning the exploit affects only the vulnerable component and does not extend to other system components. No exploits are currently reported in the wild, and no official patch has been linked yet. Disclosed kernel data could be leveraged in subsequent privilege escalation or other attacks, although this vulnerability by itself does not enable such actions. The flaw is limited to Windows 10 Version 1809, an older release that is still in use in some environments, especially legacy or specialized systems. Given its kernel-level nature, the information disclosure could aid attackers in crafting more effective exploits or bypassing security controls.

Potential Impact

For European organizations, this vulnerability poses a moderate risk, primarily to the confidentiality of sensitive system information on affected Windows 10 Version 1809 machines. Organizations running legacy systems or specialized industrial, governmental, or enterprise environments that have not upgraded beyond this Windows version are at risk. Disclosure of kernel information could facilitate subsequent targeted attacks, including privilege escalation or evasion of security mechanisms, potentially leading to broader compromise. While the vulnerability itself does not affect system integrity or availability, the information gained could be a stepping stone to more severe attacks. This is particularly relevant for sectors handling high-value or sensitive data, such as finance, critical infrastructure, healthcare, and government agencies. The absence of known exploits in the wild reduces the immediate risk, but a publicly known vulnerability increases the likelihood of future exploitation attempts. Organizations with strict compliance requirements and data protection obligations (e.g., GDPR) must take the potential confidentiality impact seriously.

Mitigation Recommendations

1. Upgrade or patch: Although no official patch link is provided, organizations should monitor Microsoft’s security advisories closely and apply any forthcoming patches promptly.
2. Upgrade Windows: Where feasible, migrate systems from Windows 10 Version 1809 to a more recent, supported Windows version that does not contain this vulnerability.
3. Privilege management: Restrict local user privileges rigorously to minimize the number of users who have the low-level privileges required to exploit this vulnerability.
4. Endpoint protection: Deploy advanced endpoint detection and response (EDR) solutions that can detect anomalous kernel-level activities or attempts to access sensitive kernel information.
5. Network segmentation: Isolate legacy systems running Windows 10 Version 1809 from critical network segments to reduce exposure.
6. Monitoring and logging: Enhance monitoring of local privilege use and kernel-related system calls to detect potential exploitation attempts.
7. Application whitelisting: Limit execution of unauthorized code that could attempt to leverage kernel information disclosure.
8. Incident response readiness: Prepare for potential exploitation by having incident response plans that include detection and containment of kernel-level attacks.


Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2023-06-21T15:14:27.783Z
CISA Enriched: false
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d983cc4522896dcbee59c

Added to database: 5/21/2025, 9:09:16 AM

Last enriched: 6/25/2025, 4:05:15 AM

Last updated: 8/1/2025, 6:38:28 AM
