Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Zero-Day Vulnerability Affecting Microsoft Office & Windows
Alerts

Active Exploitation of Zero-Day Vulnerability Affecting Microsoft Office & Windows

14 August 2023

Microsoft has released a security update for a previously disclosed unpatched Windows Search Remote Code Execution vulnerability (CVE-2023-36884) impacting Office and Windows Products. The vulnerability is reportedly being actively exploited.

Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code using specially crafted Microsoft Office documents.

The Microsoft Office update provides enhanced security as a defense-in-depth measure to stop the attack chain leading to the exploitation of the vulnerability.

Users and administrators of affected product versions are advised to install the latest Office and Windows Updates respectively.

More information is available at:

https://msrc.microsoft.com/update-guide/vulnerability/ADV230003

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884

https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives 

Back to top