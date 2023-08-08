Microsoft has released an important update for Microsoft Office that addresses a remote code execution (RCE) vulnerability known as CVE-2023-36884. This vulnerability has already been exploited by threat actors in targeted attacks. Initially reported as an RCE in Microsoft Office, the vulnerability was later classified as a Windows Search remote code execution after further investigation.

The attackers used the vulnerability as a zero-day to remotely execute code by sending malicious Microsoft Office documents. The attacks were carried out by the RomCom threat group for financial gain and espionage purposes.

To better secure users, Microsoft has released an update that provides enhanced security measures to prevent the exploitation of CVE-2023-36884. This update is designed to interrupt the attack chain associated with the vulnerability. Microsoft recommends installing both the Office updates released today and the Windows updates from this month.

Exploiting the vulnerability requires user interaction, as the attacker needs to convince the victim to open a specially crafted file via email or message communication. If successfully exploited, the attacker could gain access to confidential information, disrupt system integrity, and compromise system availability. The attacker could evade Mark of the Web (MoTW) defenses and execute malicious code on the compromised system.

The Office updates released today address the CVE-2023-36884 vulnerability and are available for the Microsoft Office 2013/2016/2019 suite and apps for both 32-bit and 64-bit systems. The severity level of this update has been assessed as moderate. Users are strongly urged to apply the necessary updates to protect their systems from potential exploitation.

