Microsoft Office and Windows Zero-Day Fix: Syxsense Security Script Ready to Deploy

On top of Microsoft’s Patch Tuesday update yesterday, an out-of-band zero-day vulnerability was released. Tagged as CVE-2023-36884, Microsoft highlighted that this vulnerability impacts Windows and Office users and confirmed that it was investigating multiple reports of targeted code execution specifically using Microsoft Office documents.

At this time, there is no patch available.

Syxsense has created a security script and workflow to remediate the issue with a countermeasure. It is available now for Syxsense Secure users to scan and identify your organizational impact and for Syxsense Enterprise users to scan and deploy the countermeasure immediately. Customers can find the workflow in their Syxsense Cortex library, named “Office and Windows HTML Remote Code Execution Vulnerability” or via its CVE number, CVE-2023-36884.

For additional details on this month’s Patch Tuesday release, including a few vulnerabilities currently being exploited, check out our latest blog post.