Microsoft WordPad Information Disclosure Vulnerability - 20231011005

Overview

The WA SOC has observed an information disclosure vulnerability in a number of Microsoft products, which allows the disclosure of New Technology LAN Manager (NTLM) hashes. An attacker who successfully logs on to the system could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

What is the vulnerability?

CVE-2023-36563 - CVSS v3 Base Score: 6.5

What is vulnerable?

The vulnerability affects the following Microsoft products:

  • Windows 10 Version 1809 before 10.0.17763.4974
  • Windows Server 2019 before 10.0.17763.4974
  • Windows Server 2019 (Server Core installation) before 10.0.17763.4974
  • Windows Server 2022 before 10.0.20348.2031
  • Windows 11 version 21H2 before 10.0.22000.2538
  • Windows 10 Version 21H2 before 10.0.19041.3570
  • Windows 11 version 22H2 before 10.0.22621.2428
  • Windows 10 Version 22H2 before 10.0.19045.3570
  • Windows 10 Version 1507 before 10.0.10240.20232
  • Windows 10 Version 1607 before 10.0.14393.6351
  • Windows Server 2016 before 10.0.14393.6351
  • Windows Server 2016 (Server Core installation) before 10.0.14393.6351
  • Windows Server 2008 Service Pack 2 before 6.0.6003.22317
  • Windows Server 2008 Service Pack 2 (Server Core installation) before 6.0.6003.22317
  • Windows Server 2008 R2 Service Pack 1 before 6.1.7601.26769
  • Windows Server 2008 R2 Service Pack 1 (Server Core installation) before 6.1.7601.26769
  • Windows Server 2012 before 6.2.9200.24523
  • Windows Server 2012 (Server Core installation) before 6.2.9200.24523
  • Windows Server 2012 R2 before 6.3.9600.21620
  • Windows Server 2012 R2 (Server Core installation) before 6.3.9600.21620
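
The following Python check is an added example, not part of the original advisory or any vendor tooling: it compares full OS build strings from an asset inventory against the fixed builds listed above, comparing the revision numerically because string comparison missorts values such as 9999 and 20232. The hostnames and inventory rows are constructed, and the function names are hypothetical.

```python
# Added example: flag hosts whose OS build is below the fixed build in the list above.
# Fixed builds are copied from this advisory; the inventory rows are constructed.

# (major, minor, build) family -> first fixed revision, as listed in the advisory
FIXED = {
    (10, 0, 17763): 4974,
    (10, 0, 20348): 2031,
    (10, 0, 22000): 2538,
    (10, 0, 19041): 3570,
    (10, 0, 22621): 2428,
    (10, 0, 19045): 3570,
    (10, 0, 10240): 20232,
    (10, 0, 14393): 6351,
    (6, 0, 6003): 22317,
    (6, 1, 7601): 26769,
    (6, 2, 9200): 24523,
    (6, 3, 9600): 21620,
}

def classify(version: str) -> str:
    """Return 'vulnerable', 'patched', 'not-listed' or 'invalid' for a 4-part build string."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return "invalid"  # e.g. revision missing from the inventory export
    major, minor, build, rev = map(int, parts)
    fixed_rev = FIXED.get((major, minor, build))
    if fixed_rev is None:
        return "not-listed"  # build family is not in the advisory's list
    return "vulnerable" if rev < fixed_rev else "patched"

def triage(inventory):
    """Map host -> status; anything other than 'patched' needs follow-up."""
    return {host: classify(ver) for host, ver in inventory}

# Constructed inventory rows: (hostname, full OS version reported by the host).
SAMPLE = [
    ("ws-001", "10.0.19045.3448"),
    ("ws-002", "10.0.19045.3570"),
    ("srv-01", "10.0.17763.4851"),
    ("srv-02", "6.3.9600.21620"),
    ("lab-07", "10.0.25398.469"),
    ("kiosk3", "10.0.22621"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}\t{status}")
```

Hosts reported as `not-listed` or `invalid` are not confirmed safe; they need their build checked by another means.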

What has been observed?

The vulnerability is known to be publicly exploited. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 hours (refer to Patch Management):
