
Critical Remote Code Execution Vulnerability Affects Multiple Microsoft Products

Vulnerabilities Reporter

Microsoft has released emergency security updates to address a critical remote code execution vulnerability affecting multiple products including Windows, Office, and Exchange Server.

Microsoft has released emergency security updates to address a critical remote code execution vulnerability tracked as CVE-2023-38831. The vulnerability has a CVSS score of 9.8 and is being actively exploited in the wild.

The vulnerability exists in the way Microsoft Office handles specially crafted embedded objects. An attacker could exploit this by convincing a user to open a malicious Office document, potentially leading to remote code execution with the same privileges as the current user.

Affected Products:

  • Microsoft Office 2019 (Version 1916 and earlier)
  • Microsoft Office 2021 (Version 2205 and earlier)
  • Microsoft 365 Apps for Enterprise (Version 2302 and earlier)
  • Microsoft 365 Apps for Business (Version 2302 and earlier)
  • Microsoft Office for Mac (16.69 and earlier)

Mitigation Steps:

  1. Apply the security updates immediately:
  2. For systems unable to update immediately:
    • Block Microsoft Office file types at email gateways
    • Configure Office to open files in Protected View
    • Disable macros from untrusted sources
  3. Implement application control policies to restrict execution of Office applications
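For step 2, a read-only audit of the current user's Office policy settings for Protected View and macro blocking. This is an added example, not code from Microsoft or from the advisory; it assumes Windows, the `16.0` policy hive used by Office 2016 and later, and per-user policy under `HKCU`.

```powershell
# Audit Office policy registry values for Protected View and macro blocking.
# Read-only: reports findings for the current user and changes nothing.
$apps = 'Word', 'Excel', 'PowerPoint'
$base = 'HKCU:\Software\Policies\Microsoft\Office\16.0'   # assumption: Office 2016+

# Protected View stays on unless one of these policy values is set to 1.
$pvValues = 'DisableInternetFilesInPV', 'DisableAttachmentsInPV', 'DisableUnsafeLocationsInPV'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function New-Finding {
    param($App, $Setting, $Value, $Status)
    [pscustomobject]@{ App = $App; Setting = $Setting; Value = $Value; Status = $Status }
}

$findings = foreach ($app in $apps) {
    $sec = Join-Path $base "$app\Security"
    $pv  = Join-Path $sec 'ProtectedView'

    foreach ($name in $pvValues) {
        $v = Get-PolicyValue -Path $pv -Name $name
        $status = 'OK'
        if ($v -eq 1) { $status = 'WEAK: Protected View disabled for this source' }
        New-Finding $app $name $v $status
    }

    # 1 = macros blocked in files that came from the internet.
    $block = Get-PolicyValue -Path $sec -Name 'blockcontentexecutionfrominternet'
    $status = 'REVIEW: not enforced by policy'
    if ($block -eq 1) { $status = 'OK' }
    New-Finding $app 'blockcontentexecutionfrominternet' $block $status

    # VBAWarnings: 1 = enable all macros; 2, 3 and 4 are the disabled variants.
    $vba = Get-PolicyValue -Path $sec -Name 'VBAWarnings'
    $status = 'OK'
    if ($vba -eq 1) { $status = 'WEAK: all macros enabled' }
    elseif ($null -eq $vba) { $status = 'REVIEW: not enforced by policy' }
    New-Finding $app 'VBAWarnings' $vba $status
}

$findings | Format-Table -AutoSize
```

A `REVIEW` row means the value is not set by policy, so the user can change it in the Trust Center; it does not by itself mean the setting is off.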

Timeline:

  • Vulnerability discovered: June 15, 2023
  • Exploitation detected: June 28, 2023
  • Patch released: July 11, 2023 (Patch Tuesday)
  • Zero-day period: 13 days

Microsoft has classified this as a "Critical" severity vulnerability and urges all organizations to prioritize deployment of these updates. The company has also released Security Advisory 53001 with additional technical details.

Organizations should also review their incident response procedures and consider implementing additional controls such as application whitelisting and network segmentation to limit potential impact if exploitation occurs.

This vulnerability highlights the ongoing risks associated with complex document processing applications. Organizations should evaluate their security posture for similar vulnerabilities in other productivity suites and document processing systems.

For additional information, see:
