CVE-2023-36428 is a vulnerability classified under CWE-125 (Out-of-bounds Read) affecting Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The flaw resides in the Local Security Authority Subsystem Service (LSASS), a critical Windows component responsible for enforcing security policies and managing authentication. An out-of-bounds read occurs when the software reads data outside the bounds of allocated memory, potentially exposing sensitive information stored in memory buffers. This vulnerability allows a local attacker with limited privileges (PR:L) to read memory contents that should be inaccessible, leading to information disclosure (confidentiality impact is high). The attack vector is local (AV:L), meaning the attacker must have access to the system but does not require user interaction (UI:N). The vulnerability does not affect integrity or availability, and the scope is unchanged (S:U). The CVSS 3.1 base score is 5.5, indicating medium severity. No known exploits have been reported in the wild, and no official patches have been linked yet, though Microsoft has reserved the CVE since June 2023 and published details in November 2023. The vulnerability is significant because LSASS handles sensitive security tokens and credentials, and any leakage could aid further attacks or privilege escalation.

For European organizations, the primary impact of CVE-2023-36428 is the potential exposure of sensitive security information such as authentication tokens or credentials stored in LSASS memory. This could facilitate lateral movement, privilege escalation, or targeted attacks if combined with other vulnerabilities or insider threats. Organizations in sectors with high security requirements—such as government, finance, healthcare, and critical infrastructure—are particularly at risk. Since the vulnerability requires local access, the risk is elevated in environments where endpoint security is weak or where attackers can gain initial footholds through phishing or insider compromise. The medium severity indicates that while the vulnerability is not immediately critical, it could be leveraged as part of a multi-stage attack chain. The lack of a patch increases exposure time, especially for organizations still running Windows 10 Version 1809, which is an older release but still in use in some enterprises due to legacy application dependencies.

1. Restrict local access to systems running Windows 10 Version 1809 by enforcing strict access controls and limiting administrative privileges. 2. Monitor endpoint and network activity for unusual behavior indicative of attempts to access LSASS memory or escalate privileges. 3. Employ endpoint detection and response (EDR) solutions capable of detecting suspicious LSASS memory access patterns. 4. Plan and prioritize upgrading affected systems to a supported and patched Windows version, as Windows 10 Version 1809 is nearing or past end-of-support in many environments. 5. Apply any forthcoming Microsoft security updates promptly once released. 6. Use application whitelisting and privilege management to reduce the risk of local attackers exploiting this vulnerability. 7. Conduct regular security awareness training to reduce the risk of initial compromise that could lead to local access.