What is the Attack?

On June 11, 2023, Microsoft released an advisory and a blog for a new Office and Windows HTML Remote Code Execution (RCE) vulnerability that was reportedly leveraged by the Storm-0978 threat actor in attacks against defense and government agencies in Europe and North America. An attacker could exploit this vulnerability by tricking a user into opening a specially crafted Microsoft Office document. The vulnerability has a CVSS base score of 8.3 and is rated important by Microsoft.

Why is this Significant?

The CVE-2023-36884 has no available patch and there are reported exploitation in the wild.

What is the Vendor Solution?

Microsoft has not released a fix for CVE-2023-36884 at the time of this writing (June 12th, 2023). However, Microsoft has provided mitigation steps for CVE-2023-36884 in the advisory. For more information, please see the Appendix for the link to “CVE-2023-36884 (Microsoft)”.

What FortiGuard Coverage is available?

FortiGuard Labs is currently investigating potential samples that exploit CVE-2023-36884 for protection. We will update this Threat Signal when new information becomes available.

Read More

It was discovered that Knot Resolver did not correctly handle certain
client options. A remote attacker could send requests to malicous domains
and cause a denial of service.

Read More

The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver can return uninitialized kernel memory to user space. The contents of this memory could contain sensitive information.

Read More