Unpatched Office Remote Code Execution Vulnerability (CVE-2023-36884)

FortiGuard Security Advisory

What is the Attack?

On June 11, 2023, Microsoft released an advisory and a blog for a new Office and Windows HTML Remote Code Execution (RCE) vulnerability that was reportedly leveraged by the Storm-0978 threat actor in attacks against defense and government agencies in Europe and North America. An attacker could exploit this vulnerability by tricking a user into opening a specially crafted Microsoft Office document. The vulnerability has a CVSS base score of 8.3 and is rated important by Microsoft.

Why is this Significant?

CVE-2023-36884 has no available patch, and exploitation in the wild has been reported.

What is the Vendor Solution?

Microsoft has not released a fix for CVE-2023-36884 at the time of this writing (June 12th, 2023). However, Microsoft has provided mitigation steps for CVE-2023-36884 in the advisory. For more information, please see the Appendix for the link to “CVE-2023-36884 (Microsoft)”.

What FortiGuard Coverage is available?

FortiGuard Labs has updated the IPS signature “MS.Office.RTF.File.OLE.autolink.Code.Execution” in response to CVE-2023-36884.
For a comprehensive list of protections from FortiGuard Labs, please visit the Outbreak Alert page.