CVE ID
CVE-2023-36884
Vulnerability Name
Microsoft Windows Search Remote Code Execution Vulnerability
- Project: Microsoft
- Product: Windows
Date
- Date Added: 2023-07-17
- Due Date: 2023-08-29
Description
Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code execution.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884; https://nvd.nist.gov/vuln/detail/CVE-2023-36884
Related Security News
- Details emerge on WinRAR zero-day attacks that infected PCs with malware
- Firefox and Windows zero-days exploited by Russian RomCom hackers
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks
- Underground ransomware claims attack on Casio, leaks stolen data
Top comments (0)