Mohsen Ghaffari, posted July 14, 2023

Hello,

Microsoft has issued an advisory regarding the following 0-day:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36884

Currently no patches are available, and Microsoft mentions that Windows Defender for Office can block the exploit. Any ESET update on the issue? Are ESET customers protected?

Thank you!

Peter Randziak (ESET Moderators), posted July 14, 2023 (marked as Solution)

Hello @Mohsen Ghaffari,

we have detections in place for payloads used in exploitation of this vulnerability.

Peter

itman, posted July 14, 2023 (edited July 14, 2023 by itman)

I will also note that if the ESET-recommended anti-ransomware HIPS rules are deployed for MS Office apps, this vulnerability can't be exploited:

Quote:
"In current attack chains, the use of the Block all Office applications from creating child processes attack surface reduction rule prevents the vulnerability from being exploited"

https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/

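The behaviour that the quoted rule blocks, an Office application creating a child process, can also be hunted for in process-creation telemetry. The following is an added example, not part of the thread and not ESET or Microsoft code: it assumes JSON-lines records with field names modelled on Sysmon Event ID 1, and the Office executable list, the allow-list entry and the sample records are constructed assumptions.

```python
import json
import ntpath

# Assumption: Office executables treated as parents; adjust to the installed suite.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "onenote.exe", "msaccess.exe"}


def exe_name(path):
    """Lower-cased file name of a Windows path; tolerates quotes and missing values."""
    return ntpath.basename(str(path or "").strip().strip('"')).lower()


def office_child_processes(lines, allowed_children=frozenset()):
    """Return (hits, skipped): records whose parent is an Office app, plus the
    number of lines that were not usable JSON objects."""
    allowed = {name.lower() for name in allowed_children}
    hits, skipped = [], 0
    for line in lines:
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            event = None
        if not isinstance(event, dict):
            skipped += 1  # counted, not silently dropped: telemetry gaps matter
            continue
        parent, child = exe_name(event.get("ParentImage")), exe_name(event.get("Image"))
        if parent in OFFICE_PARENTS and child and child not in allowed:
            hits.append({"time": event.get("UtcTime"), "parent": parent,
                         "child": child, "command_line": event.get("CommandLine", "")})
    return hits, skipped


def _event(time, parent, image, cmd):
    return json.dumps({"UtcTime": time, "ParentImage": parent, "Image": image, "CommandLine": cmd})


# Constructed sample input (not real telemetry); the last line is deliberately malformed.
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16"
SAMPLE_LOG = [
    _event("2023-07-14 09:30:01", OFFICE + r"\WINWORD.EXE", r"C:\Windows\System32\cmd.exe", "cmd.exe /c ver"),
    _event("2023-07-14 09:31:10", r"C:\Windows\explorer.exe", OFFICE + r"\WINWORD.EXE", "WINWORD.EXE /n report.docx"),
    _event("2023-07-14 09:32:44", '"' + OFFICE + r'\EXCEL.EXE"', r"C:\Windows\System32\splwow64.exe", "splwow64.exe 8192"),
    "truncated {record",
]

if __name__ == "__main__":
    # splwow64.exe (print helper) is an assumed allow-list entry for illustration.
    hits, skipped = office_child_processes(SAMPLE_LOG, allowed_children={"splwow64.exe"})
    for hit in hits:
        print(hit)
    print(f"{skipped} unparseable line(s)")
```
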
StevenShark, posted July 20, 2023

On 7/14/2023 at 9:30 PM, Peter Randziak said:
"Hello @Mohsen Ghaffari, we have detections in place for payloads used in exploitation of this vulnerability. Peter"

Hi @Peter Randziak, can you please share a link to confirm that this vulnerability is covered by ESET?

Thank you

Marcos (Administrators), posted July 20, 2023

ESET detects the payloads depending on their variants. The detections are:
- variant of Win32/Exploit.CVE-2017-0199 (document payloads)
- variants of Win64/Agent (RomCom backdoor)
- variants of Python/Impacket (Impacket framework)
- variants of Win32/Exploit.CVE-2017-0199 (XML payloads)