CVE-2023-36884

Vulnerability updated a month ago (2024-10-17T13:01:01.749Z)
CVE-2023-36884 is a significant vulnerability affecting Microsoft Windows, Windows Server, Office, and Outlook. The flaw allows remote code execution (RCE) and has been exploited by cybercriminals and potentially by state-sponsored actors. Specifically, it enables an attack chain that bypasses the Windows Search security feature. The flaw has been abused by the Underground ransomware, and its technical details have been publicly disclosed, which increases the risk of widespread exploitation.

In response to the active threat, Microsoft has released a defense-in-depth update. Although not a direct patch for the vulnerability, the update disrupts the attack chain and so mitigates successful exploitation; it is designed to prevent abuse of the Windows Search security feature bypass. The update applies to Microsoft Office and strengthens the overall security posture against the RCE vulnerability.

The exploitation of CVE-2023-36884 underlines the importance of timely vulnerability management and patch application. As this case shows, our monitoring can identify the emergence of research or news stories about such vulnerabilities, enabling prompt assessment and analysis. To protect against infection vectors like CVE-2023-36884, install all available security updates and stay aware of emerging threats.
Description last updated: 2024-10-17T12:02:06.209Z
Aliases: none currently tracked.

Miscellaneous Associations (other elements of context that could aid in identifying relevance): Microsoft, Vulnerability, Windows, Exploit, Exploits
Associated Malware
Alias / Description: The RomCom malware is associated with CVE-2023-36884. RomCom, a Remote Access Trojan (RAT), has been linked to Cuba ransomware actors and Industrial Spy ransomware actors, according to third-party and open-source reports. Since spring 2022, the Russian-speaking group UAT-5647, also known as RomCom, has targeted Ukrainian government entities
Association Type: Unspecified
Votes: 3
Associated Threat Actors
Alias / Description: The Void Rabisu threat actor is associated with CVE-2023-36884. Void Rabisu, also known as Storm-0978, UNC2596, and Tropical Scorpius, is a threat actor notable for its use of the ROMCOM backdoor. This actor has been involved in numerous attacks, including those targeting attendees of the Women Political Leaders Summit (WPL Summit) in 2023. In
Association Type: Unspecified
Votes: 3
Source Document References
Information about the CVE-2023-36884 vulnerability was read from the documents corpus below (display limited to 20 results).

Source (created):
Contagio (3 months ago)
Fortinet (3 months ago)
Securelist (3 months ago)
Securelist (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
Unit42 (a year ago)
CERT-EU (a year ago)
InfoSecurity-magazine (a year ago)
CERT-EU (a year ago)
Trend Micro (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CrowdStrike (a year ago)
Krebs on Security (a year ago)
CERT-EU (a year ago)
Malwarebytes (a year ago)
CERT-EU (a year ago)