
Windows DOS-to-NT Path Conversion Process Exploited - 20240424002

Overview

The DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes.

What is vulnerable?

| CVE | Severity | CVSS | Product(s) Affected |
|---|---|---|---|
| CVE-2023-36396 | High | 7.8 | Windows 11 22H2 versions up to (excluding) 10.0.22621.2715 on ARM64 |
| | | | Windows 11 22H2 versions up to (excluding) 10.0.22621.2715 on x64 |
| | | | Windows 11 23H2 versions up to (excluding) 10.0.22621.2715 on ARM64 |
| | | | Windows 11 23H2 versions up to (excluding) 10.0.22621.2715 on x64 |
| CVE-2023-32054 | High | 7.3 | Windows 10 1507 versions up to (excluding) 10.0.10240.20048 |
| | | | Windows 10 1607 versions up to (excluding) 10.0.14393.6085 |
| | | | Windows 10 1809 versions up to (excluding) 10.0.17763.4645 |
| | | | Windows 10 21H2 versions up to (excluding) 10.0.19041.3208 |
| | | | Windows 10 22H2 versions up to (excluding) 10.0.19045.3208 |
| | | | Windows 11 21H2 versions up to (excluding) 10.0.22000.2176 |
| | | | Windows 11 22H2 versions up to (excluding) 10.0.22621.1992 |
| | | | Windows Server 2012 |
| | | | Windows Server 2012 R2 |
| | | | Windows Server 2016 |
| | | | Windows Server 2019 |
| | | | Windows Server 2022 |

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices (refer Patch Management):

Additional References