CVE-2023-36884

Vulnerability updated 8 days ago (2024-08-30T17:17:57.300Z)
CVE-2023-36884 is a significant vulnerability in the design or implementation of Microsoft Windows, Server, Office, and Outlook software. This flaw, which allows for remote code execution (RCE), has been exploited in the wild, with its technical details publicly disclosed. The vulnerabilities, including CVE-2023-36884, have been abused by the Underground ransomware, leading to serious security concerns. Notably, this vulnerability can be exploited using specially-crafted Microsoft Office documents, making it a high-risk issue.

Microsoft has taken steps to mitigate the impact of CVE-2023-36884. A defense-in-depth update was released for Microsoft Office that halts the attack chain leading to the Windows Search security feature bypass vulnerability. While not a patch, this update significantly reduces the potential for successful exploitation of the vulnerability. An additional pre-patch mitigation was issued to prevent the vulnerability from being further abused by cybercriminals, including Russian spies.

Despite these mitigations, organizations are urged to remain vigilant against potential threats associated with CVE-2023-36884. Monitoring for first research or news stories, as well as gaining additional reference sources and context over time, can aid in threat assessment and analysis. Further information on protection against this potential infection vector can be found in the outbreak alert, and organizations are advised to install all available updates to bolster their defenses against this and other related vulnerabilities.
Description last updated: 2024-08-30T17:15:41.155Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Microsoft
Vulnerability
Windows
Exploit
Exploits
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| RomCom | Unspecified | 3 | RomCom is a type of malware, specifically a Remote Access Trojan (RAT), that has been linked to several cyber-attacks across Europe and North America. It was first identified in spring 2022, when third-party and open-source reports highlighted a potential connection between Cuba ransomware actors, R |
| Void Rabisu | Unspecified | 3 | Void Rabisu, also known as Storm-0978, UNC2596, and Tropical Scorpius, is a malicious software (malware) notable for its use of the ROMCOM backdoor. This malware has been involved in numerous attacks, including those targeting attendees of the Women Political Leaders Summit (WPL Summit) in 2023. In |
Source Document References
Information about the CVE-2023-36884 vulnerability was read from the documents corpus below. This display is limited to 20 results.
| Source | Created | Title |
| --- | --- | --- |
| Contagio | 5 days ago | 2024-08-29 UNDERGROUND Ransomware Samples |
| Fortinet | 8 days ago | Ransomware Roundup - Underground \| FortiGuard Labs |
| Securelist | 17 days ago | Analyzing the vulnerability landscape in Q2 2024 |
| Securelist | 9 months ago | PC malware statistics, Q3 2023 |
| CERT-EU | 10 months ago | CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog |
| CERT-EU | 10 months ago | In-depth analysis of July 2023 exploit chain featuring CVE-2023-36884 and CVE-2023-36584 - Cyber Security Review |
| CERT-EU | 10 months ago | In-Depth Analysis of July 2023 Exploit Chain Featuring CVE-2023-36884 and CVE-2023-36584 |
| Unit42 | 10 months ago | In-Depth Analysis of July 2023 Exploit Chain Featuring CVE-2023-36884 and CVE-2023-36584 |
| CERT-EU | a year ago | RomCom Malware Group Targets EU Gender Equality Summit |
| InfoSecurity-magazine | a year ago | New RomCom Backdoor Targets Female Political Leaders |
| CERT-EU | a year ago | New PEAPOD Cyberattack Campaign Targeting Women Political Leaders |
| Trend Micro | a year ago | Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant |
| CERT-EU | a year ago | Heimdal®’s Semiannual Rundown of the Most Exploited Vulnerabilities of 2023 |
| CERT-EU | a year ago | Geopolitical Warfare in the Digital Age: The NATO Summit Cyber Incursion |
| CERT-EU | a year ago | Akira Ransomware, 8Base Ransomware, and more: Hacker’s Playbook Threat Coverage Round-up: August 22, 2023 |
| CrowdStrike | a year ago | August 2023 Patch Tuesday: Updates and Analysis |
| Krebs on Security | a year ago | Apple & Microsoft Patch Tuesday, July 2023 Edition |
| CERT-EU | a year ago | Microsoft Patch Tuesday, August 2023 Security Update Review \| Qualys Security Blog |
| Malwarebytes | a year ago | August patch Tuesday stops actively exploited attack chain and more |
| CERT-EU | a year ago | CISA Warns Organizations of Exploited Vulnerability Affecting .NET, Visual Studio |