The Cybersecurity & Infrastructure Security Agency (CISA) recently added a new vulnerability to its Known Exploited Vulnerabilities Catalog. This vulnerability, identified as CVE-2023-36884, is a Microsoft Office and Windows HTML Remote Code Execution Vulnerability. Let's take a closer look at this vulnerability and understand its implications.
Understanding the Vulnerability
Microsoft is currently investigating a series of remote code execution vulnerabilities impacting Windows and Office products. The company is aware of targeted attacks that attempt to exploit these vulnerabilities using specially-crafted Microsoft Office documents.
An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, for the attack to be successful, the attacker would have to convince the victim to open the malicious file.
Severity and Impact
The vulnerability has been assigned a CVSS (Common Vulnerability Scoring System) base score of 8.8, indicating a high level of severity. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, which suggests that the vulnerability can be exploited over a network (AV:N) with low complexity (AC:L), does not require privileged access (PR:N), requires user interaction (UI:R), and can have a high impact on confidentiality (C:H), integrity (I:H), and availability (A:H) of the system.
Affected Software Configurations
The vulnerability affects a wide range of Microsoft Office and Windows versions, including Microsoft Office 2019 and 2021, Microsoft Word 2013 and 2016, and various versions of Windows 10 and Windows 11, among others.
Mitigation and Protection
Microsoft is working on addressing this vulnerability and may provide a security update through their monthly release process or an out-of-cycle security update, depending on customer needs. In the meantime, users are advised to follow the recommendations provided in the Microsoft Threat Intelligence Blog to protect their systems from this vulnerability.
Conclusion
The CVE-2023-36884 vulnerability is a serious threat that can lead to remote code execution, posing significant risks to users of affected Microsoft products. It is crucial for users and organizations to stay informed about such vulnerabilities and take necessary steps to protect their systems.