CVE-2023-36884: Windows Search Remote Code Execution Vulnerability
First published: Tue Jul 11 2023(Updated: )
Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents. An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This might include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. Please see the Microsoft Threat Intelligence Blog https://aka.ms/Storm-0978 Entry for important information about steps you can take to protect your system from this vulnerability. This CVE will be updated with new information and links to security updates when they become available.
Credit: secure@microsoft.com secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Word 2016 | ||
| Microsoft Word 2016 | ||
| Microsoft Word 2013 | ||
| Microsoft Word 2013 | ||
| Microsoft Windows Server 2008 R2 | ||
| Microsoft Windows Server 2008 R2 | ||
| Microsoft Windows Server 2012 R2 | ||
| Microsoft Windows Server 2012 R2 | ||
| Microsoft Office 2019 for Mac | ||
| Microsoft Office LTSC 2021 | ||
| Microsoft Office 2019 for Mac | ||
| Microsoft Office LTSC 2021 | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Server 2019 | ||
| Windows 11 | =22H2 | |
| Windows 11 | =22H2 | |
| Windows 11 | =21H2 | |
| Windows 11 | =21H2 | |
| Windows 11 | =22H2 | |
| Windows 11 | =22H2 | |
| Windows 11 | =21H2 | |
| Windows 11 | =21H2 | |
| Microsoft Windows Server 2022 | ||
| Microsoft Windows Server 2022 | ||
| Microsoft Windows Server 2022 | ||
| Microsoft Windows Server 2022 | ||
| Microsoft Windows 10 | <10.0.10240.20107 | |
| Microsoft Windows 10 | <10.0.14393.6167 | |
| Microsoft Windows 10 | <10.0.14393.6167 | |
| Microsoft Windows 10 | <10.0.17763.4737 | |
| Microsoft Windows 10 | <10.0.17763.4737 | |
| Microsoft Windows 10 | <10.0.17763.4737 | |
| Microsoft Windows 10 | <10.0.19044.3324 | |
| Microsoft Windows 10 | <10.0.19044.3324 | |
| Windows 11 | <10.0.22000.2295 | |
| Windows 11 | <10.0.22621.2134 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2-sp1 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server 2016 | <10.0.14393.6167 | |
| Microsoft Windows Server 2019 | <10.0.17763.4737 | |
| Microsoft Windows Server 2022 | <10.0.20348.1903 | |
| Microsoft Office | =2019 | |
| Microsoft Office | =2019 | |
| Microsoft Office | =2021 | |
| Microsoft Office | =2021 | |
| Microsoft Office Word | =2013-sp1 | |
| Microsoft Office Word | =2016 | |
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Windows 11 | =22h2 | |
| Windows 11 | =22h2 | |
| Windows 11 | ||
| Windows 11 | ||
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Server 2022 | ||
| Windows 10 | =1809 | |
| Windows 10 | =1809 | |
| Windows 10 | =1809 | |
| Windows 10 | =22H2 | |
| Windows 10 | =22H2 | |
| Windows 10 | =22H2 | |
| Windows 10 | =1607 | |
| Windows 10 | =1607 | |
| Windows 10 | =21H2 | |
| Windows 10 | =21H2 | |
| Windows 10 | =21H2 | |
| Windows 10 | ||
| Windows 10 | ||
| Windows 10 | =1809 | |
| Windows 10 | =1809 | |
| Windows 10 | =1809 | |
| Windows 10 | =22H2 | |
| Windows 10 | =22H2 | |
| Windows 10 | =22H2 | |
| Windows 10 | =21H2 | |
| Windows 10 | =21H2 | |
| Windows 10 | =21H2 | |
| Windows 10 | ||
| Windows 10 | ||
| Microsoft Windows Operating System |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884 (Advisory)
- http://seclists.org/fulldisclosure/2023/Jul/43
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884;
- https://nvd.nist.gov/vuln/detail/CVE-2023-36884
- https://www.bleepingcomputer.com/news/security/underground-ransomware-claims-attack-on-casio-leaks-stolen-data/
- https://www.bleepingcomputer.com/news/security/firefox-and-windows-zero-days-exploited-by-russian-romcom-hackers/
- https://www.theregister.com/2024/12/01/interpol_cybercrime_busting/
Frequently Asked Questions
What is the severity of CVE-2023-36884?
CVE-2023-36884 is classified as a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2023-36884?
To remediate CVE-2023-36884, users should apply the latest security patches provided by Microsoft.
What products are affected by CVE-2023-36884?
CVE-2023-36884 impacts multiple Microsoft products including various versions of Windows and Microsoft Office.
Are there any known exploits for CVE-2023-36884?
Yes, there are reports of targeted attacks that exploit CVE-2023-36884 using specially-crafted Microsoft Office documents.
How can I tell if I am affected by CVE-2023-36884?
Users can determine if they are affected by CVE-2023-36884 by checking their version of Microsoft Office or Windows against the list of affected products.
- collector/msrc
- collector/msrc-cve
- agent/type
- agent/first-publish-date
- exploited/true
- source/Microsoft
- agent/remedy
- agent/software-canonical-lookup
- agent/title
- agent/severity
- agent/weakness
- agent/description
- agent/author
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2023-36884
- alias/CVE-2024-9680
- alias/CVE-2024-49039
- collector/the-register
- source/The Register
- alias/CVE-2023-28461
- agent/references
- agent/event
- agent/trending
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/last-modified-date
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- collector/nvd-index
- collector/nvd-latest
- agent/softwarecombine
- agent/tags
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- vendor/microsoft
- canonical/microsoft word 2016
- canonical/microsoft word 2013
- canonical/microsoft windows server 2008 r2
- canonical/microsoft windows server 2012 r2
- canonical/microsoft office 2019 for mac
- canonical/microsoft office ltsc 2021
- canonical/microsoft windows server
- canonical/microsoft windows server 2016
- canonical/microsoft windows server 2019
- canonical/windows 11
- version/windows 11/22h2
- version/windows 11/21h2
- canonical/microsoft windows server 2022
- canonical/microsoft windows 10
- version/microsoft windows server/sp2
- version/microsoft windows server/r2-sp1
- version/microsoft windows server/r2
- canonical/microsoft office
- version/microsoft office/2019
- version/microsoft office/2021
- canonical/microsoft office word
- version/microsoft office word/2013-sp1
- version/microsoft office word/2016
- canonical/windows 10
- version/windows 10/1809
- version/windows 10/22h2
- version/windows 10/1607
- version/windows 10/21h2
- canonical/microsoft windows operating system