Threat Signal ReportUnpatched Office Remote Code Execution Vulnerability (CVE-2023-36884)
Description
| What is the Attack? |
On June 11, 2023, Microsoft released an advisory and a blog for a new Office and Windows HTML Remote Code Execution (RCE) vulnerability that was reportedly leveraged by the Storm-0978 threat actor in attacks against defense and government agencies in Europe and North America. An attacker could exploit this vulnerability by tricking a user into opening a specially crafted Microsoft Office document. The vulnerability has a CVSS base score of 8.3 and is rated important by Microsoft.
|
| Why is this Significant? | The CVE-2023-36884 has no available patch and there are reported exploitation in the wild. |
| What is the Vendor Solution? |
Microsoft has not released a fix for CVE-2023-36884 at the time of this writing (June 12th, 2023). However, Microsoft has provided mitigation steps for CVE-2023-36884 in the advisory. For more information, please see the Appendix for the link to "CVE-2023-36884 (Microsoft)". |
|
What FortiGuard Coverage is available?
|
FortiGuard Labs FortiGuard Labs has updated an IPS signature "MS.Office.RTF.File.OLE.autolink.Code.Execution" in response to CVE-2023-36884. For a full comprehensive lists of protections from FortiGuard Labs, please visit the Outbreak Alert page for further details. |
Telemetry
Appendix
Microsoft Office and Windows HTML RCE Vulnerability (Outbreak Alert)
CVE-2023-36884 (Microsoft)
Storm-0978 attacks reveal financial and espionage motives (Microsoft)
CVE-2023-36884 (MITRE)
✖
