cbcvebase.
CVE-2023-36563
published 2023-10-10

CVE-2023-36563: Microsoft WordPad Information Disclosure Vulnerability

PriorityP274medium5.5CVSS 3.1
AVLACLPRNUIRSUCHINAN
KEVITW
CISA Known Exploited Vulnerabilitydue 2023-10-31
Exploited in the wild
EPSS
20.72%
97.2th percentile
Microsoft WordPad Information Disclosure Vulnerability

Affected

41 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftwindows_10_1507< 10.0.10240.2023210.0.10240.20232
microsoftwindows_10_1607< 10.0.14393.635110.0.14393.6351
microsoftwindows_10_1809< 10.0.17763.497410.0.17763.4974
microsoftwindows_10_21h2< 10.0.19041.357010.0.19041.3570
microsoftwindows_10_22h2< 10.0.19045.357010.0.19045.3570
microsoftwindows_10_version_1507>= 10.0.10240.0 < 10.0.10240.2023210.0.10240.20232
microsoftwindows_10_version_1607>= 10.0.14393.0 < 10.0.14393.635110.0.14393.6351
microsoftwindows_10_version_1809>= 10.0.0 < 10.0.17763.497410.0.17763.4974
microsoftwindows_10_version_1809>= 10.0.17763.0 < 10.0.17763.497410.0.17763.4974
microsoftwindows_10_version_21h2>= 10.0.19043.0 < 10.0.19041.357010.0.19041.3570
microsoftwindows_10_version_22h2>= 10.0.19045.0 < 10.0.19045.357010.0.19045.3570
microsoftwindows_11_21h2< 10.0.22000.253810.0.22000.2538
microsoftwindows_11_22h2< 10.0.22621.242810.0.22621.2428
microsoftwindows_11_version_21h2>= 10.0.0 < 10.0.22000.253810.0.22000.2538
microsoftwindows_11_version_22h2>= 10.0.22621.0 < 10.0.22621.242810.0.22621.2428
microsoftwindows_server_2008
microsoftwindows_server_2008_r2_service_pack_1>= 6.1.7601.0 < 6.1.7601.267696.1.7601.26769
microsoftwindows_server_2008_service_pack_2>= 6.0.6003.0 < 6.0.6003.223176.0.6003.22317
microsoftwindows_server_2012
microsoftwindows_server_2012>= 6.2.9200.0 < 6.2.9200.245236.2.9200.24523
microsoftwindows_server_2012_r2>= 6.3.9600.0 < 6.3.9600.216206.3.9600.21620
microsoftwindows_server_2016< 10.0.14393.635110.0.14393.6351
microsoftwindows_server_2016>= 10.0.14393.0 < 10.0.14393.635110.0.14393.6351
microsoftwindows_server_2019< 10.0.17763.497410.0.17763.4974
microsoftwindows_server_2019>= 10.0.17763.0 < 10.0.17763.497410.0.17763.4974

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2023-36563 exploits Microsoft WordPad to disclose NTLM hashes; monitor for outbound NTLM authentication attempts triggered by opening a WordPad document, which may indicate credential theft in progress.
  • The attack requires a user to open a malicious file delivered by the attacker; detect suspicious WordPad (wordpad.exe) process launches originating from email attachments or downloaded files.
  • CVE-2023-36563 has been confirmed as actively exploited in the wild; prioritize detection and hunting on endpoints running affected WordPad versions.
  • ·This is an information disclosure vulnerability (NTLM hash leakage), not a remote code execution bug; exploitation requires user interaction — the victim must open a malicious file sent by the attacker.
  • ·The vulnerability is confirmed exploited in the wild and is listed in CISA's Known Exploited Vulnerabilities catalog with a remediation due date of 2023-10-31.

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
vulncheck6.5MEDIUM
cisa5.5MEDIUM
vendor_msrc6.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.