Microsoft Office update breaks actively exploited RCE attack chain
Microsoft today released a defense-in-depth update for Microsoft Office that prevents exploitation of a remote code execution (RCE) vulnerability tracked as CVE-2023-36884 that threat actors have already leveraged in attacks.
The update, part of today's Microsoft August Patch Tuesday, helps fix CVE-2023-36884, a security issue disclosed in July for which Microsoft provided mitigation advice at the time instead of a patch.
Initially, the bug was reported as an RCE in Microsoft Office, but further review led to classifying it as a Windows Search remote code execution.
Hackers exploited the vulnerability as a zero-day to execute code remotely using malicious Microsoft Office documents in attacks from the RomCom threat group for financial and espionage purposes.
Enhanced security to stop RCE
In an advisory today, Microsoft refers to the Office update as one "that provides enhanced security as a defense in depth measure."
Additional information from the company explains that the update is designed to stop the attack chain that triggers CVE-2023-36884.
Microsoft recommends installing the Office updates released today as well as Windows updates from this month.
In the original advisory, Microsoft explains that an attacker could exploit the vulnerability by sending a specially crafted file over email or message communication.
Although user interaction is required, threat actors could easily craft a sufficiently convincing lure to get the potential victim to open the malicious file.
As per Microsoft's assessment, successful exploitation could lead to a high loss of confidentiality, integrity, and availability, meaning that an attacker could drop a malicious file that evades Mark of the Web (MoTW) defenses and achieve code execution on the compromised system.
Today's Office updates for stopping exploitation of the Windows Search security bypass vulnerability identified as CVE-2023-36884 are available for the Microsoft Office 2013/2016/2019 suite and apps for both 32-bit and 64-bit architectures.
The severity level for the update has been assessed to be a moderate one.