19 matches found
New PEAPOD Cyberattack Campaign Targeting Women Political Leaders
European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called PEAPOD. Cybersecurity firm Trend Micro attributed the attacks to a threat actor it tracks under the nam...
Exploit for Race Condition in Microsoft
CVE-2023-36884: MS Office HTML RCE with crafted documents On...
The Tale of Two Exploits - Breaking Down CVE-2023-36884 and the Infection Chain
By Trellix · August 24, 2023. This blog was written by Chintan Shah. Executive Summary: On July 11, 2023, Microsoft released a patch fixing multiple actively exploited RCE vulnerabilities and disclosed a phishing campaign...
Microsoft Project 2016 Remote Code Execution Vulnerability (KB5002328)
This host is missing a critical security update according to Microsoft KB5002328. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Microsoft Visio 2016 Defense in Depth Security Update (KB5002418)
This host is missing an important security update according to Microsoft KB5002418. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...
Microsoft Windows Multiple Vulnerabilities (KB5029244)
This host is missing an important security update according to Microsoft KB5029244. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Microsoft Excel 2013 Service Pack 1 Defense in Depth Security Update (KB5002451)
This host is missing an important security update according to Microsoft KB5002451. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Microsoft Excel 2016 Defense in Depth Security Update (KB5002463)
This host is missing an important security update according to Microsoft KB5002463. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Storm-0978 actively exploited the unpatched Office zero-day
Threat Level Actor Report. Summary: Storm-0978 is a Russian cybercriminal group that specializes in executing sophisticated phishing campaigns. Storm-0978 was found to be engaged in a new wave of attacks, leveraging the exploitation of...
Office and Windows HTML Remote Code Execution Vulnerability (CVE-2023-36884) Mitigation
The remote system may be vulnerable to CVE-2023-36884 since it does not have the correct FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key mitigations applied as referenced in the vendor advisory. An unauthenticated, remote attacker could exploit this by using specially-crafted Microsoft Offi...
Exploit for Race Condition in Microsoft
This is a PoC exploit for CVE-2023-36884, a vulnerability in Mic...
CVE-2023-36884
creationtimestamp| type| source
---|---|---
2023-07-11 21:56:22+00:00| seen| https://t.me/ctinow/123163
2023-07-12 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1062
2023-07-12 09:42:06+00:00| seen| https://t.me/kasperskyb2b/746
2023-07-12 09:56:39+00:00| exploited|...
Patch Tuesday - July 2023
Microsoft is addressing 130 vulnerabilities this July Patch Tuesday, including five zero-day vulnerabilities, and eight further critical remote code execution (RCE) vulnerabilities. Overall, it’s safe to say that this is a busier Patch Tuesday than the past couple of months. Note that the total cou...
CVE-2023-36884 Windows Search Remote Code Execution Vulnerability
...
CVE-2023-36884 Windows Search Remote Code Execution Vulnerability
...
CVE-2023-36884
CVE-2023-36884 is a Windows/Office RCE via Windows Search (.search-ms) triggered by specially crafted OOXML documents; active exploitation was noted (Storm-0978 campaign) and Microsoft released a patch/Defense in Depth mitigations in August 2023 to break the exploitation chain. Public PoCs/exploi...
Storm-0978 attacks reveal financial and espionage motives
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a remote code execution vulnerability exploited before disclosu...
Storm-0978 attacks reveal financial and espionage motives
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a remote code execution vulnerability exploited before disclosu...
CVE-2023-36884
Windows Search Remote Code Execution Vulnerability. Recent assessments: cbeek-r7 at August 24, 2023 1:46pm UTC reported: CVE-2023-36884 is a fixed vulnerability that permitted remote code execution. Attackers could manipulate Microsoft Office files to bypass the Mark of the Web (MoTW) security...