TP-EXP-2023-0002 CVE-2023-36424 high Patched AI Draft

Microsoft Windows Out-of-Bounds Read Vulnerability (CVE-2023-36424)

CVE CVE-2023-36424 Platform Microsoft Windows Type Out-of-Bounds Read

Severity HIGH

Status Patched

Zero-Day Confirmed

Disclosed April 13, 2026

Patched August 8, 2023

Researcher Undisclosed CISA KEV Listed

Severity Assessment

Exploitability: 6/10 — Public reporting confirms exploitation, but available source material does not describe a turnkey public exploit chain.
Impact: 8/10 — Successful exploitation can expose protected memory and support follow-on privilege escalation activity on Windows hosts.
Weaponization Risk: 8/10 — Inclusion in the CISA KEV catalog indicates that adversaries have already operationalized the flaw.
Patch Urgency: 10/10 — CISA assigned a federal remediation deadline after exploitation was observed in the wild.
Detection Coverage: 5/10 — Detection relies on endpoint telemetry and patch compliance because public sources do not provide a stable signature set.

Overall Severity: High.

Summary

CVE-2023-36424 is an out-of-bounds read vulnerability in Microsoft Windows that Microsoft addressed in August 2023 and that CISA later added to the Known Exploited Vulnerabilities catalog. Microsoft classifies the issue as a privilege-escalation vulnerability, while the CVE record maps the underlying weakness to CWE-125. The available public reporting confirms exploitation but does not disclose a detailed exploit chain, so defenders should prioritize patching and exposure reduction over speculative technical claims.

Exploit Chain

Public source material does not disclose enough exploit detail to reconstruct a verified step-by-step intrusion sequence. What is confirmed is that attackers were able to abuse the Windows flaw in real environments prior to broad remediation. In operational terms, organizations should treat CVE-2023-36424 as a post-compromise or local-execution enabler that can increase adversary privileges after initial access has already been obtained.

Detection Guidance

Defenders should focus on patch verification, Windows endpoint telemetry, and detection of unexpected privilege-escalation behavior on systems that have not received the relevant Microsoft updates. Because the public references do not include vendor-published IOCs, security teams should correlate suspicious local execution, abnormal token elevation, and follow-on credential access or lateral movement activity with asset patch status. CISA’s KEV inclusion also makes this a priority candidate for exposure-based vulnerability reporting.

Indicators of Compromise

No authoritative public indicators of compromise were provided in the Microsoft, CISA, or National Vulnerability Database references used for this entry. Defenders should avoid treating unverified third-party indicators as canonical for this vulnerability without independent validation.

Disclosure Timeline

2023-08-08 — Patch Release

Microsoft publishes security guidance for CVE-2023-36424 in the August 2023 release cycle.

2026-04-13 — KEV Addition

CISA adds CVE-2023-36424 to the Known Exploited Vulnerabilities catalog, confirming observed exploitation and assigning a federal remediation deadline.

Sources & References

CISA: Known Exploited Vulnerabilities Catalog — CISA, 2026-04-13
National Vulnerability Database: CVE-2023-36424 Detail — National Vulnerability Database, 2023-08-08
Microsoft Security Response Center: CVE-2023-36424 Security Update Guide — Microsoft Security Response Center, 2023-08-08