According to the BSI, the manufacturer Microsoft announced a zero-day vulnerability in the Office suite on July 11, 2023, which is being actively exploited. The CVE-2023-36884 vulnerability has been released and has a high risk CVSS score of 8.3 (CVSS v3.1). Microsoft cannot yet offer a patch for the vulnerability!
On July 11, 2023, the manufacturer Microsoft announced the zero-day vulnerability CVE-2023-36884 in the Office suite, which is being actively exploited. With a CVSS value of 8.3, the chess spot is considered highly dangerous. According to the manufacturer, a remote attacker can achieve remote code execution if the victim is tricked into opening a specially crafted Microsoft Office document. Microsoft currently has no patch for this vulnerability. However, Microsoft has made a workaround that blocks certain Office actions, but also makes certain work functions more difficult.
Missing patch increases the risk
According to the BSI, Microsoft is also reporting a phishing campaign in which the vulnerability is already being actively exploited. Accordingly, the threat actor Storm-0978 recently launched attacks on defense and government organizations in Europe and North America. The phishing emails used with prepared Word documents had a reference to the Ukrainian World Congress in the subject line. Storm-0978, best known for using its backdoor RomCom, is a Russia-based cybercriminal group that conducts opportunistic ransomware and extortion operations, as well as targeted credential collection campaigns likely to aid intelligence agency operations.
Storm-0978 develops and distributes the RomCom backdoor. The actor also deploys Underground ransomware, which is closely related to Industrial Spy ransomware, first circulated in May 2022. The actor's most recent campaign, discovered in June 2023, exploited the CVE-2023-36884 vulnerability to proliferate a backdoor with similarities to RomCom.
Microsoft July patch day closes critical 9.8 gap
As part of the July patchday, Microsoft has also closed actively exploited vulnerabilities that attackers can use to bypass security warnings when opening links in Outlook or the Windows SmartScreen warning when opening executable files. Exploited vulnerabilities that allow attackers to escalate privileges have also been closed.
According to Microsoft, it closed a total of 2023 vulnerabilities with its own CVE on patch day for July 130. The most dangerous gap had a CVSS score of 9.8 out of 10. But many other gaps also ranged from over 8 to over 9.
To the warning at BSI.Bund.de
About the Federal Office for Information Security (BSI) The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.