New Microsoft Word Vulnerability CVE-2023-36761

Introduction

In the ever-evolving landscape of cybersecurity, new vulnerabilities emerge that pose potential threats to organizations and their data. One such recent vulnerability has been identified in Microsoft Word, labeled CVE-2023-36761. This advisory from Enterprotect aims to provide a comprehensive overview of the threat, its significance, the associated risks, and our expert recommendations to ensure your organization remains protected.

What is the Threat?

CVE-2023-36761 is an information disclosure vulnerability that has already been exploited as a zero-day vulnerability. This means it was publicly disclosed before an official patch was made available. A successful exploitation can lead to the disclosure of New Technology LAN Manager (NTLM) hashes. These hashes can be misused in NTLM relay or pass-the-hash attacks, allowing attackers to strengthen their position within an organization. Furthermore, Microsoft has verified that the preview pane acts as an attack vector. This implies that merely previewing a maliciously crafted file can activate the exploit.

Why is it Noteworthy?

Several factors make CVE-2023-36761 particularly significant:

1. Ransomware and APT Associations: The vulnerability has been referenced in content related to ransomware and has also been mentioned in conjunction with Advanced Persistent Threat (APT) content.

2. Previous Occurrences: This is the second zero-day vulnerability disclosed this year with the potential to reveal NTLM hashes.

3. Exploitation in the Wild: There have been reports of this vulnerability being exploited in real-world scenarios.

What is the Exposure or Risk?

The exploit prediction scoring system (EPSS) has indicated that the likelihood of CVE-2023-36761 being exploited within the next month is as high as 57%. Given that the preview pane is an attack vector, a vast number of electronic devices could be at risk. This vulnerability's potential widespread impact underscores the importance of timely action and mitigation.

What are the Recommendations?

Enterprotect suggests the following measures to mitigate the impact of CVE-2023-36761:

• Vendor Instructions: Adhere to any mitigation guidelines provided by the vendor. If no such guidelines are available, consider discontinuing the product's use temporarily.

• Security Update: Ensure the installation of Microsoft's security update for Word 2016: KB5002497.

• Regular Updates: Consistently download and install the most recent Microsoft security patches and updates to stay protected against emerging threats.

References

For a deeper understanding of the recommendations and further details about the vulnerability, consider the following resources:

• NVD - CVE-2023-36761

• Security Update Guide - Microsoft - Microsoft Word Information Disclosure Vulnerability

• Description of the security update for Word 2016: September 12, 2023 (KB5002497) - Microsoft Support

• CVE-2023-36761 | AttackerKB

• CVE-2023-36761: Microsoft Word Information Disclosure Vulnerability