CVE-2023-36876: Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability
Overview
- Severity
- High (CVSS 7.1)
- CVSS Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
- Category
- Elevation of Privilege
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2023-Aug
- Released
- 2023-08-08
- Last Updated
- 2023-09-18
- EPSS Score
- 0.10% (percentile: 28.2%)
FAQ
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could create or delete files in the security context of the “NT AUTHORITY\ LOCAL SERVICE” account.
According to the CVSS metrics, successful exploitation of this vulnerability does not impact confidentiality (C:N) but has major impact on integrity (I:H) and availability (A:H). What does that mean for this vulnerability?
An attacker who successfully exploits this vulnerability cannot access existing files (C:N) but can write or overwrite file contents (I:H), which potentially may cause the system to become unavailable (A:H).
Affected Products (2)
ESU
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Security Updates (2)
Acknowledgments
OUYANG FEI
Revision History
- 2023-08-08: Information published.
- 2023-09-18: Acknowledgement added. This is an informational change only.