CVE-2023-36584 - Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability

Microsoft | Windows

• Date Added:
• 2023-11-16

• Due Date:
• 2023-12-07

Vulnerability Name

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability

Description

Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36584 ; https://nvd.nist.gov/vuln/detail/CVE-2023-36584

Top Security News

Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)

Microsoft fixes exploited zero-day (CVE-2024-49138)

Garmin GPS watches crashing, stuck in triangle 'reboot loop'

Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks

DeepSeek Jailbreak Reveals Its Entire System Prompt

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

Windows Server 2025 released—here are the new features

Common Alerts

HighSQL Injection - MySQL

InformationalUsername Hash Found

InformationalRe-examine Cache-control Directives

LowInsufficient Site Isolation Against Spectre Vulnerability

InformationalBase64 Disclosure

MediumELMAH Information Leak

HighNoSQL Injection - MongoDB (Time Based)

InformationalSec-Fetch-Mode Header is Missing

MediumBackup File Disclosure

HighServer Side Request Forgery

Top CVE List

CVE-2024-49138 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

CVE-2025-24085 Apple Multiple Products Use-After-Free Vulnerability

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2015-6175 Microsoft Windows Kernel Privilege Escalation Vulnerability

CVE-2024-28986 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

CVE-2024-38217 Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability

CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

CVE-2025-21335 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability

CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability

CVE-2012-5076 Oracle Java SE Sandbox Bypass Vulnerability

Top CWE List

CWE-693 Protection Mechanism Failure

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

MediumCWE-352 Cross-Site Request Forgery (CSRF)

HighCWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

CWE-1426 Improper Validation of Generative AI Output

CWE-201 Insertion of Sensitive Information Into Sent Data

CWE-284 Improper Access Control

CWE-304 Missing Critical Step in Authentication

CWE-307 Improper Restriction of Excessive Authentication Attempts