CVE-2023-36884 - Microsoft Windows Search Remote Code Execution Vulnerability
Project:Microsoft
Product:Windows
Date Added:2023-07-17Due Date:2023-08-29
Vulnerability Name
Microsoft Windows Search Remote Code Execution Vulnerability
Description
Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code execution.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
https://nvd.nist.gov/vuln/detail/CVE-2023-36884
Related News Articles
Firefox and Windows zero-days exploited by Russian RomCom hackersNovember 26, 2024
RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated CyberattacksNovember 26, 2024
Underground ransomware claims attack on Casio, leaks stolen dataOctober 11, 2024