LR pixel

What is the Attack?

On June 11, 2023, Microsoft released an advisory and a blog for a new Office and Windows HTML Remote Code Execution (RCE) vulnerability that was reportedly leveraged by the Storm-0978 threat actor in attacks against defense and government agencies in Europe and North America. An attacker could exploit this vulnerability by tricking a user into opening a specially crafted Microsoft Office document. The vulnerability has a CVSS base score of 8.3 and is rated important by Microsoft.

Why is this Significant?

The CVE-2023-36884 has no available patch and there are reported exploitation in the wild.

What is the Vendor Solution?

Microsoft has not released a fix for CVE-2023-36884 at the time of this writing (June 12th, 2023). However, Microsoft has provided mitigation steps for CVE-2023-36884 in the advisory. For more information, please see the Appendix for the link to “CVE-2023-36884 (Microsoft)”.

What FortiGuard Coverage is available?

FortiGuard Labs is currently investigating potential samples that exploit CVE-2023-36884 for protection. We will update this Threat Signal when new information becomes available.