The 8th August Patch Tuesday fixes a remote code execution vulnerability that cybercriminals have been actively exploiting in ongoing campaigns. CVE-2023-36884 was initially identified in July; however, Microsoft only provided mitigation advice until this patch addressed the vulnerability.
Initially believed to be exclusive to Microsoft Office, the vulnerability was later identified as a Windows Search remote code execution flaw. It was primarily exploited by the RomCom threat group, who used it as a zero-day for financial and espionage reasons.
Microsoft have said that this patch, which “provides enhanced security as a defence in depth measure”, is designed to stop the attack chain that triggers CVE-2023-36884. An attacker could exploit this vulnerability by creating a specially crafted file and sending it via email or some other messaging service to an unaware victim.
The vulnerability can be exploited once the victim interacts with the malicious file, which won’t be difficult to achieve if the file has been sent as part of a spear phishing attack or alongside the use of social engineering.
Microsoft recommended updating their products to the latest version to help prevent this vulnerability from affecting your business. In addition, raising staff awareness of phishing attacks and malicious files is recommended.
To enquire about Staff Awareness Training or to request a Cyber Security Review within the East Midlands, contact us here: EMSOUCyberProtect@leics.police.uk