Microsoft Office Defense-In-Depth Update Thwarts Actively Exploited RCE Attack Chain

August 8, 2023

Microsoft has released a crucial update for its Office software to counter a remote code execution (RCE) vulnerability, tracked as CVE-2023-36884, that has already been exploited in attacks.

This update, part of Microsoft's August Patch Tuesday, addresses a security issue that was initially disclosed in July. Although Microsoft did not immediately provide a patch for it, they did offer mitigation advice. The vulnerability was first identified as an RCE within Microsoft Office, but subsequent analysis led to it being reclassified as a Windows Search RCE.

The RomCom threat group had been exploiting this vulnerability as a zero-day, using malicious Microsoft Office documents to execute code remotely for both financial gain and espionage.

In an advisory issued today, Microsoft describes the Office update as providing enhanced security as a 'defense in depth measure.' The company adds that the update is specifically designed to halt the attack chain that triggers CVE-2023-36884.

Microsoft strongly advises users to install the Office updates released today, along with the Windows updates from this month. The original advisory from Microsoft clarified that an attacker could exploit the vulnerability by sending a specially crafted file via email or messaging communication. Even though user interaction is necessary, threat actors could easily devise a sufficiently convincing bait to entice the potential victim into opening the malicious file.

According to Microsoft's evaluation, successful exploitation could result in a significant loss of confidentiality, integrity, and availability, meaning that an attacker could introduce a malicious file that bypasses Mark of the Web (MoTW) defenses and enables code execution on the compromised system.

The Office updates released today, designed to prevent exploitation of the Windows Search security bypass vulnerability identified as CVE-2023-36884, are available for the Microsoft Office 2013/2016/2019 suite and apps on both 32-bit and 64-bit architectures. The update has been rated moderate in severity.
