⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.. Due date: 2023-08-29.

CVE-2023-36884 — Race Condition in Microsoft Windows 10 Version 1507

CWE-362 — Race Condition53 documents20 sources

Severity

7.5HIGHNVD

EPSS

93.2%

top 0.20%

CISA KEV

KEVRansomware

Added 2023-07-17

Due 2023-08-29

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1809 +33 more

Timeline

PublishedJul 11

KEV addedJul 17

KEV dueAug 29

Latest updateMar 6

CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Windows Search Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages36 packages

▶NVDmicrosoft/windows< 10.0.14393.6167+3

▶NVDmicrosoft/windows_10_1507< 10.0.10240.20107

▶NVDmicrosoft/windows_10_1607< 10.0.14393.6167

▶NVDmicrosoft/windows_10_1809< 10.0.17763.4737

▶NVDmicrosoft/windows_10_21h2< 10.0.19044.3324

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-gwrc-vqcf-v9v4: Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products↗2023-07-11

▶

VulnCheck

Microsoft Windows Search Remote Code Execution Vulnerability↗2023

▶

🔍Detection Rules

Suricata

ET EXPLOIT Possible Storm-0978 CVE-2023-36884 Exploitation Attempt M1↗2023-07-12

▶

Suricata

ET EXPLOIT Possible Storm-0978 CVE-2023-36884 Exploitation Attempt M2↗2023-07-12

▶

📋Vendor Advisories

CISA

Microsoft Windows Search Remote Code Execution Vulnerability↗2023-07-17

▶

Microsoft

Windows Search Remote Code Execution Vulnerability↗2023-07-11

▶

🕵️Threat Intelligence

Securelist

Vulnerability landscape in Q4 2025↗2026-03-06

▶

Securelist

Exploits and vulnerabilities in Q4 2025↗2026-03-06

▶

Bleepingcomputer

Details emerge on WinRAR zero-day attacks that infected PCs with malware↗2025-08-11

▶

Greynoiseio

GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs↗2025-02-26

▶

Qualys

Defense Lessons From the Black Basta Ransomware Playbook↗2025-02-25

▶

📄Research Papers

arXiv

VulRG: Multi-Level Explainable Vulnerability Patch Ranking for Complex Systems Using Graphs↗2025-02-16

▶