CVE-2023-36036

HIGH

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVSS v3.1 Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Complexity

LOW

Privileges

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 11/14/2023Modified: 10/28/2025

Related Intelligence (1)

CRITICALApt

When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise

Overview Attackers do not need to break into the front door when they can convince employees to open it for them through the tools they already trust. In April 2026, Rapid7 investigated an enterprise intrusion that began with a Microsoft Teams message from a fake “IT Support” account and quickly escalated into a full compromise chain involving malware deployment, privilege escalation, credential t

CVE-2023-36036CVE-2021-31969

5d agoRapid7

References (3)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36036PatchVendor Advisory https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36036PatchVendor Advisory https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36036US Government Resource