CVE-2023-36884 - Microsoft Office and Windows HTML RCE v1.0.4

This pack handles CVE-2023-36884 - Microsoft Office and Windows HTML RCE vulnerability

Author:
Cortex XSOAR
Support:
xsoar
URL:
https://www.paloaltonetworks.com/cortex
agentixxsiam
Case Management

README

CVE-2023-36884 - Microsoft Office and Windows HTML RCE

Microsoft recently detected a sophisticated phishing campaign orchestrated by a threat actor called Storm-0978. The targets of this campaign were defense and government organizations in Europe and North America. The attackers exploited the previously undisclosed CVE-2023-36884, introduced in July’s recent Patch Tuesday release.

CVE-2023-36884 is affecting both Office and Windows. This zero-day vulnerability enables remote code execution through specially crafted Microsoft Office documents.

This pack will provide you with a first response kit which includes:

  • Threat Hunting Queries
  • IoC Collection and Remediation
  • Mitigation Measures

References:

CVE-2023-36884 - Microsoft Office and Windows HTML Remote Code Execution: Threat Brief

Storm-0978 attacks reveal financial and espionage motives