Urgent Advisory: Unpatched Zero-Day (CVE-2023-36884) Exploited

Read the latest news on CVE-2023-36884
In today’s digitally interconnected business environment, cybersecurity is not a luxury but a necessity. A recently discovered zero-day vulnerability, CVE-2023-36884, affecting Microsoft Windows and Office products, is currently being exploited in highly targeted attacks. The vulnerability can lead to remote code execution when a user opens a specially crafted Microsoft Office document.
Reports indicate that the threat actor group known as Storm-0978, also referred to as RomCom, has exploited this vulnerability. This group, believed to be based in Russia, is known for its ransomware and extortion activities as well as targeted credential-gathering campaigns, primarily impacting government and military organizations in Ukraine, Europe, and North America.
The group exploits CVE-2023-36884 through phishing campaigns, using documents related to the Ukrainian World Congress as bait. If successful, they deliver a backdoor with similarities to their known RomCom backdoor. It’s important to note that while these attacks are highly targeted, the potential for wider exploitation cannot be ruled out.
At present, Microsoft has not yet released patches for this zero-day. In the meantime, IT teams are advised to implement mitigating controls. Microsoft recommends using Defender for Office and enabling the “Block all Office applications from creating child processes” Attack Surface Reduction Rule for protection against this vulnerability.
For organizations unable to use these protections, it is recommended to add the names of the affected applications as values under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION to block exploitation attempts. However, this measure may impact some Microsoft Office functionality, so test it before broad rollout.
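The following PowerShell is an added example, not part of the original advisory or any Microsoft tooling, showing how an IT team could apply and then verify both mitigations described above on a single Windows host. It assumes the application list matches Microsoft's published guidance for this CVE (confirm against the current advisory), and that the ASR rule ID shown is the one for "Block all Office applications from creating child processes".

```powershell
# Added example: apply and verify the two interim mitigations. Run as Administrator.
# Assumption: the application names below follow Microsoft's published guidance for
# CVE-2023-36884; verify the list against the current advisory before deployment.

$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION'
$OfficeApps = @('Excel.exe','Graph.exe','MSAccess.exe','MSPub.exe','PowerPoint.exe',
                'Visio.exe','WinProj.exe','WinWord.exe','Wordpad.exe')
# ASR rule "Block all Office applications from creating child processes"
$AsrRuleId = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'

function Set-CrossProtocolNavigationBlock {
    param([string[]]$Apps = $OfficeApps)
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    foreach ($app in $Apps) {
        # REG_DWORD value 1 blocks cross-protocol file navigation for that executable
        New-ItemProperty -Path $KeyPath -Name $app -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

function Test-CrossProtocolNavigationBlock {
    # Emits one row per application so the result can be reviewed or exported
    param([string[]]$Apps = $OfficeApps)
    $item = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    foreach ($app in $Apps) {
        $value = if ($item) { $item.$app } else { $null }
        [pscustomobject]@{ Application = $app; Mitigated = ($value -eq 1) }
    }
}

function Enable-OfficeChildProcessBlock {
    # Requires Microsoft Defender Antivirus; 'Enabled' puts the rule in block mode
    Add-MpPreference -AttackSurfaceReductionRules_Ids $AsrRuleId -AttackSurfaceReductionRules_Actions Enabled
}

function Test-OfficeChildProcessBlock {
    # Returns $true only if the rule is present AND its action is 1 (Block)
    $pref = Get-MpPreference
    for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
        if ($pref.AttackSurfaceReductionRules_Ids[$i] -ieq $AsrRuleId) {
            return ($pref.AttackSurfaceReductionRules_Actions[$i] -eq 1)
        }
    }
    return $false
}

Set-CrossProtocolNavigationBlock
Test-CrossProtocolNavigationBlock | Format-Table -AutoSize
Enable-OfficeChildProcessBlock
"ASR child-process rule in block mode: $(Test-OfficeChildProcessBlock)"
```

Because the registry change can break some Office functionality, run the two Test- functions in a pilot group first and keep the output as evidence of the mitigation state until the patch is deployed.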
Microsoft is diligently working on a fix for CVE-2023-36884. IT teams are encouraged to prepare for immediate patch deployment once the update is released. In the meantime, all organizations are urged to increase their vigilance against phishing attempts and to reinforce security awareness among their staff.
In conclusion, as the cyber threat landscape continues to evolve, maintaining a robust security posture is an ongoing challenge for businesses. CulperSec is here to support you in this endeavor. Our team of cybersecurity experts, armed with cutting-edge technology, is committed to keeping your business secure. We provide services that go beyond just threat detection – from proactive vulnerability assessments, comprehensive security training for your employees, to immediate incident response. With CVE-2023-36884 and similar threats, our team can help implement the recommended mitigation measures and prepare your systems for the upcoming patches. Moreover, we continuously monitor the cybersecurity landscape and provide timely alerts and advice on emerging threats. With CulperSec, you have a trusted partner who stands guard, providing an essential layer of protection in a world where cyber threats are a constant reality. Secure your business with CulperSec – because your peace of mind is our mission.