virus logo Endpoint Vulnerability

Microsoft Windows Search CVE-2023-36884 Remote Code Execution Vulnerability

description-logoDescription

Race condition in the Windows Search component allows remote code execution with high confidentiality, integrity, and availability impact, requiring user interaction to exploit.

description-logoOutbreak Alert

Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, a remote code execution vulnerability exploited via specially crafted Microsoft Office documents spread using phishing techniques.

View the full Outbreak Alert Report

affected-products-logoAffected Applications

Windows Server 2016
Windows Server 2022
Windows 10
Windows 11
Windows Server 2012
Windows Server 2008
Windows Server 2019

Version Updates

Date Version Status Detail
2023-08-08 1.00515
New
 Windows Server 2016,Windows Server 2022,Windows 10,Windows 11,Windows Server 2012,Windows Server 2008,Windows Server 2019

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
ID 76152
Created Aug 08, 2023
Description
Updated		 Jan 10, 2026
CVE ID
Tags Microsoft Office and Windows HTML Attack Threat Signal
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Microsoft
Patch auto
Application Windows Server 2016 , Windows Server 2022 , Windows 10 , Windows 11 , Windows Server 2012 , Windows Server 2008 , Windows Server 2019