CVE-2023-36404: CWE-284: Improper Access Control in Microsoft Windows 10 Version 1809
Windows Kernel Information Disclosure Vulnerability
AI Analysis
Technical Summary
CVE-2023-36404 is a vulnerability classified under CWE-284 (Improper Access Control) affecting Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The flaw resides in the Windows kernel, where insufficient access control allows a local attacker with limited privileges (PR:L) to disclose sensitive kernel information (confidentiality impact is high) without requiring user interaction (UI:N). The attack vector is local (AV:L), meaning the attacker must have some level of access to the system but does not need elevated privileges or user interaction to exploit the vulnerability. The vulnerability does not affect system integrity or availability, limiting its impact to information disclosure. This information leak could potentially be leveraged by attackers to gain further insights into kernel memory layout or security mechanisms, facilitating privilege escalation or bypassing security controls. The CVSS v3.1 base score is 5.5, indicating a medium severity level. No known exploits have been reported in the wild, and no official patches or mitigation guidance have been published at the time of this report. The vulnerability was reserved in June 2023 and published in November 2023. The absence of patch links suggests that organizations should monitor Microsoft advisories closely for updates. This vulnerability is particularly relevant for environments still running the older Windows 10 1809 version, which is out of mainstream support, increasing the risk due to lack of regular security updates.
Potential Impact
For European organizations, the primary impact of CVE-2023-36404 is the potential disclosure of sensitive kernel information, which could be exploited to facilitate privilege escalation or other advanced attacks. Organizations running legacy Windows 10 Version 1809 systems, especially in sectors such as government, critical infrastructure, healthcare, and finance, may face increased risk if attackers gain local access. The information disclosure could weaken security postures by revealing kernel memory layouts or security mechanisms, aiding attackers in crafting more effective exploits. Although the vulnerability does not directly compromise system integrity or availability, the indirect consequences could be significant if leveraged in multi-stage attacks. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially in environments with poor patch management or where insider threats exist. European organizations with legacy systems should be particularly vigilant, as continued use of unsupported Windows versions increases exposure to such vulnerabilities.
Mitigation Recommendations
1. Upgrade affected systems from Windows 10 Version 1809 to a supported and fully patched Windows version to eliminate exposure to this vulnerability.
2. Restrict local access to systems running legacy Windows versions to trusted personnel only, minimizing the risk of local exploitation.
3. Implement strict local privilege management policies to limit the number of users with any level of access to vulnerable systems.
4. Monitor Microsoft security advisories closely for the release of official patches or workarounds addressing CVE-2023-36404 and apply them promptly.
5. Employ endpoint detection and response (EDR) tools capable of detecting unusual local activity that might indicate attempts to exploit kernel information disclosure.
6. Conduct regular audits of system versions and patch levels across the organization to identify and remediate legacy systems.
7. Consider network segmentation to isolate legacy systems from critical infrastructure and sensitive data environments.
8. Educate IT staff and users about the risks associated with running unsupported operating systems and the importance of timely updates.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Poland, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2023-06-21T15:14:27.783Z
- Cisa Enriched: false
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d983cc4522896dcbee59c
Added to database: 5/21/2025, 9:09:16 AM
Last enriched: 10/9/2025, 12:28:24 AM
Last updated: 12/2/2025, 8:43:35 AM