CVE-2023-36884

Vulnerability updated 3 months ago (2024-11-29T14:01:55.040Z)

Download STIX

Preview STIX

CVE-2023-36884 is a significant software vulnerability that affects Microsoft Windows, Server, Office, and Outlook. This flaw in the design or implementation of these software platforms allows for remote code execution (RCE), which has been exploited by cybercriminals and potentially state-sponsored actors. The vulnerability specifically enables an attack chain leading to the bypass of the Windows Search security feature. Notably, this flaw has been abused by the Underground ransomware, and its technical details have been publicly disclosed, increasing the risk of widespread exploitation. In response to the active threat posed by CVE-2023-36884, Microsoft has released a defense-in-depth update. Although not a direct patch for the vulnerability, the update effectively disrupts the attack chain, mitigating the potential for successful exploitation. It is important to note that this mitigation strategy is designed to prevent abuse of the Windows Search security feature bypass vulnerability. The update applies to Microsoft Office and contributes to fortifying the overall security posture against the RCE vulnerability. The exploitation of CVE-2023-36884 underlines the critical importance of timely vulnerability management and patch application. As demonstrated in this case, our monitoring can identify the emergence of research or news stories related to such vulnerabilities, enabling prompt assessment and analysis. To protect against potential infection vectors like CVE-2023-36884, it is recommended to install all available security updates and maintain awareness of emerging threats.

Description last updated: 2024-10-17T12:02:06.209Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Microsoft

Vulnerability

Windows

Exploit

Exploits

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The RomCom Malware is associated with CVE-2023-36884. RomCom, a malicious software, has been identified as a significant cyber threat. Reports from third-party and open-source intelligence since spring 2022 have indicated a connection between RomCom Remote Access Trojan (RAT) actors, Cuba ransomware actors, and Industrial Spy ransomware actors. The mal	Unspecified	4

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Void Rabisu Threat Actor is associated with CVE-2023-36884. Void Rabisu, also known as Storm-0978, UNC2596, and Tropical Scorpius, is a malicious software (malware) notable for its use of the ROMCOM backdoor. This malware has been involved in numerous attacks, including those targeting attendees of the Women Political Leaders Summit (WPL Summit) in 2023. In	Unspecified	3

Source Document References

Information about the CVE-2023-36884 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
ESET	20 days ago	RomCom exploits Firefox and Windows zero days in the wild
Contagio	6 months ago	2024-08-29 UNDERGROUND Ransomware Samples
Fortinet	6 months ago	Ransomware Roundup - Underground \| FortiGuard Labs
Securelist	7 months ago	Analyzing the vulnerability landscape in Q2 2024
Securelist	a year ago	PC malware statistics, Q3 2023
CERT-EU	a year ago	CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog
CERT-EU	a year ago	In-depth analysis of July 2023 exploit chain featuring CVE-2023-36884 and CVE-2023-36584 - Cyber Security Review
CERT-EU	a year ago	In-Depth Analysis of July 2023 Exploit Chain Featuring CVE-2023-36884 and CVE-2023-36584
Unit42	a year ago	In-Depth Analysis of July 2023 Exploit Chain Featuring CVE-2023-36884 and CVE-2023-36584
CERT-EU	a year ago	RomCom Malware Group Targets EU Gender Equality Summit
InfoSecurity-magazine	a year ago	New RomCom Backdoor Targets Female Political Leaders
CERT-EU	a year ago	New PEAPOD Cyberattack Campaign Targeting Women Political Leaders
Trend Micro	a year ago	Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant
CERT-EU	2 years ago	Heimdal®’s Semiannual Rundown of the Most Exploited Vulnerabilities of 2023
CERT-EU	2 years ago	Geopolitical Warfare in the Digital Age: The NATO Summit Cyber Incursion
CERT-EU	2 years ago	Akira Ransomware, 8Base Ransomware, and more: Hacker’s Playbook Threat Coverage Round-up: August 22, 2023
CrowdStrike	2 years ago	August 2023 Patch Tuesday: Updates and Analysis
Krebs on Security	2 years ago	Apple & Microsoft Patch Tuesday, July 2023 Edition
CERT-EU	2 years ago	Microsoft Patch Tuesday, August 2023 Security Update Review \| Qualys Security Blog
Malwarebytes	2 years ago	August patch Tuesday stops actively exploited attack chain and more