Cybersecurity Threat Advisory: New Microsoft Word vulnerability

What is the threat?

CVE-2023-36761 is an information disclosure vulnerability that has been exploited in the wild as a zero-day vulnerability. It has been publicly disclosed prior to a patch being available. Successful exploitation of this flaw would allow for the disclosure of New Technology LAN Manager (NTLM) hashes, which could be abused in NTLM relay or pass-the-hash attacks to further an attacker’s foothold in an organization. Microsoft has confirmed that the preview pane is an attack vector, meaning that simply previewing a specially crafted file can cause the exploit to trigger.

Why is it noteworthy?

CVE-2023-36761 has been mentioned at least once in a post with ransomware related content. As well as having at least one reported exploit in the wild, and it was mentioned at least once in a post with APT related content. This is the second zero-day vulnerability disclosed this year that could result in the disclosure of NTLM hashes.

What is the exposure or risk?

CVE-2023-36761 has been noted by the exploit prediction scoring system (EPSS) that the probability of exploitation in the next 30 days is as high as 57 percent. Since the preview pane is also an attack vector, it can put many electronic devices at risk.

What are the recommendations?

Barracuda MSP recommends the following actions to limit the impact of CVE-2023-36761:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Install Microsoft’s security update for Word 2016: KB5002497.
Frequently download the latest Microsoft security patches and updates.

References

For more in-depth information about the recommendations, please visit the following links:

If you have any questions about this Cybersecurity Threat Advisory, please contact our Security Operations Center.

Categories

Tags

Archives