TT-CSIRT-420.11.7.23: Microsoft Windows and Office Zero Day Vulnerability

TT-CSIRT-420.11.7.23: Microsoft Windows and Office Zero Day Vulnerability

Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents.

An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim.

TT-CSIRT encourages administrators to review the following release from Microsoft and apply the necessary mitigations immediately: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884