A vulnerability was found in Microsoft Windows (Operating System). It has been rated as critical. Affected by this issue is an unknown code of the component HTML. Impacted is confidentiality, integrity, and availability.

The weakness was published 07/11/2023 as confirmed security guidance (Website). The advisory is shared for download at portal.msrc.microsoft.com. This vulnerability is handled as CVE-2023-36884. Successful exploitation requires user interaction by the victim. Technical details are unknown but an exploit is available. The current price for an exploit might be approx. USD $25k-$100k (estimation calculated on 04/29/2024).

It is declared as highly functional. This issue was added on 07/17/2023 to the CISA Known Exploited Vulnerabilities Catalog with a due date of 08/29/2023:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Similar entries are available at VDB-1827, VDB-7208 and VDB-236563.

Productinfo

Type

• Operating System

Vendor

• Microsoft

Name

• Windows

Version

• 10
• 10 21H2
• 10 22H2
• 10 1607
• 10 1809
• 11 21H2
• 11 22H2
• Server 2008 R2 SP1
• Server 2008 SP2
• Server 2012
• Server 2012 R2
• Server 2016
• Server 2019
• Server 2022

License

• commercial

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion