Microsoft Office update breaks actively exploited RCE attack chain


In order to stop threat actors from exploiting a remote code execution (RCE) vulnerability identified as CVE-2023-36884, Microsoft today published a defense-in-depth update for Microsoft Office.

Today’s Microsoft August Patch Tuesday addresses CVE-2023-36884, a security flaw that was first reported in July but for which Microsoft at the time did not release a fix but instead offered mitigating guidance.The problem was initially identified as an RCE in Microsoft Office, but after further examination, it was determined to be a Windows Search remote code execution.

Read More…