CVE-2023-36428
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2023-36428 is a newly disclosed vulnerability affecting Microsoft's Local Security Authority Subsystem Service. This issue allows an unauthenticated attacker to gain access to sensitive information through a specially crafted message sent to the service. The impact of this vulnerability is significant as it could potentially lead to the disclosure of system configuration details, usernames, and even password hashes. Successful exploitation may also allow attackers to escalate privileges and carry out further attacks on the compromised system. It is recommended that affected users apply the available Microsoft security updates to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.