Microsoft has released a crucial update for its Office software to counter a remote code execution (RCE) vulnerability, known as CVE-2023-36884, which has previously been exploited in attacks.
This update, part of Microsoft's August Patch Tuesday, addresses a security issue that was initially disclosed in July. Although Microsoft did not immediately provide a patch for it, they did offer mitigation advice. The vulnerability was first identified as an RCE within Microsoft Office, but subsequent analysis led to it being reclassified as a Windows Search RCE.
The RomCom threat group had been exploiting this vulnerability as a zero-day, using malicious Microsoft Office documents to execute code remotely for both financial gain and espionage.
In an advisory issued today, Microsoft describes the Office update as one that enhances security as a 'defense in depth measure.' Further details from the company reveal that the update is specifically designed to halt the attack chain that triggers CVE-2023-36884.
Microsoft strongly advises users to install the Office updates released today, along with the Windows updates from this month. The original advisory from Microsoft clarified that an attacker could exploit the vulnerability by sending a specially crafted file via email or messaging communication. Even though user interaction is necessary, threat actors could easily devise a sufficiently convincing bait to entice the potential victim into opening the malicious file.
According to Microsoft's evaluation, successful exploitation could result in a significant loss of confidentiality, integrity, and availability, implying that an attacker could introduce a malicious file that bypasses Mark of the Web (MoTW) defenses and enables code execution on the compromised system.
The Office updates released today, designed to prevent exploitation of the Windows Search security bypass vulnerability identified as CVE-2023-36884, are available for the Microsoft Office 2013/2016/2019 suite and apps, supporting both 32-bit and 64-bit architectures. The severity level for this update has been rated as moderate.