Advisory Notice - Microsoft Office Remote Code Execution Vulnerability (CVE-2023-36884)

Microsoft recently disclosed a zero-day vulnerability (CVE-2023-36884) that is currently being exploited in the wild. Attackers are using social engineering and phishing techniques to coerce users into opening a specially crafted Microsoft Office document, which could result in remote code execution. Even though Microsoft Defender for O365 provides protection against attachments designed to exploit CVE-2023-36884, we ask the community to exercise extra caution when opening attachments from unknown users or email addresses. A patch is not currently available from Microsoft, which may release an out-of-cycle security update. The Information Security team will provide more information when available.

If you opened a suspicious attachment, report it immediately to infosec@yorku.ca. If you received a suspicious email, please report it by clicking on the Report Phishing button.

Severity level:-
CVSS Score: 8.3 (High)

Affected Applications:-
Excel.exe
Graph.exe
MSAccess.exe
MSPub.exe
Powerpnt.exe
Visio.exe
WinProj.exe
WinWord.exe
Wordpad.exe

Impact:-
Potential system compromise

Resolution:-
Patches are currently not available. Microsoft may release an out-of-cycle security update.

Reference:-
https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2023-patch-tuesday-warns-of-6-zero-days-132-flaws/
https://www.tenable.com/blog/microsofts-july-2023-patch-tuesday-addresses-130-cves-cve-2023-36884
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-all-office-applications-from-creating-child-processes
https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/