Windows OLE Remote Code Execution Vulnerability (CVE-2023-29325)

Fortiguard Security Advisory

What is Windows OLE?

OLE (Object Linking and Embedding) is a feature in Microsoft Windows that enables software to work together and share data. The feature, for example, allows a table created using Microsoft Excel either be embedded or linked to Microsoft PowerPoint.

What is the Attack?

CVE-2023-29325 is a remote code execution vulnerability in Microsoft Outlook and is stemmed from a buffer error when loading OleCache object. Successful exploitation could result in remote code execution under the context of the vulnerable application. CVE-2023-29325 has a CVSS base score of 8.1 and is rated critical by Microsoft.

Why is this Significant?

This is significant because, while exploitation of CVE-2023-29325 has not been reported or observed – the vulnerability has been publicly disclosed and Proof-of-Concept (PoC) code is available. The Microsoft advisory states that exploitation is more likely. As such, the patch should be applied as soon as possible.

What is the Vendor Solution?

Microsoft released a fix as part of regular Microsoft Patch Tuesday on May 9th, 2023.

What FortiGuard Coverage is Available?

FortiGuard Labs has the following IPS signature in place that will prevent exploitation of CVE-2023-29325:
MS.Outlook.OleCache.CVE-2023-29325.Remote.Code.Execution

Is Mitigation Available?

The Microsoft advisory provides mitigation methods. Please refer to the Appendix for a link to “Windows OLE Remote Code Execution Vulnerability (CVE-2023-29325)”.

READ MORE