CVE-2023–36874 is not just any vulnerability; rather, it is a zero-day that is being actively exploited. This indicates that the vulnerability was being exploited in the wild even before any remedy was provided, and in some cases, even before it was publicly acknowledged. Because they provide a window of opportunity before updates are sent out, vulnerabilities of this kind are often among the top targets for cybercriminals.
However, taking advantage of this vulnerability is not as simple as one may first believe it to be. According to the advisory notes published by Microsoft, “An attacker must have local access to the targeted machine and must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default.”
This significantly reduces the danger vector, but it does not remove it entirely. Because Windows is so prevalent throughout the world, even a very minor security flaw may put millions of machines at danger.
Leave a reply