Microsoft Windows Out-of-Bounds Vulnerability - 20260414001¶
Overview¶
CISA added CVE‑2023‑36424 to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability in the Windows Common Log File System (CLFS) driver that allows a local attacker to exploit an out‑of‑bounds read to achieve elevation of privilege on affected Windows systems.
What is vulnerable?¶
| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
|---|---|---|---|---|
| Microsoft Windows and Windows Server | Vendors noted products and versions | CVE-2023-36424 | 7.8 | High |
What has been observed?¶
CISA has added one or more of the mentioned items to their Known Exploited Vulnerabilities catalog. The WA SOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.
Recommendation¶
The WASOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):