Mohsen Ghaffari, Posted July 14

Hello,

Microsoft has issued an advisory regarding the following 0day: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36884

Currently no patches are available and Microsoft mentions that Windows Defender for Office can block the exploit. Any ESET update on the issue? Are ESET customers protected?

Thank you!

Peter Randziak (ESET Moderators), Posted July 14, Solution

Hello @Mohsen Ghaffari,

we have detections in place for payloads used in exploitation of this vulnerability.

Peter

itman, Posted July 14 (edited)

I will also note that if ESET-recommended anti-ransomware HIPS rules are deployed in regards to MS Office apps, this vulnerability can't be exploited:

Quote: "In current attack chains, the use of the Block all Office applications from creating child processes attack surface reduction rule prevents the vulnerability from being exploited"

https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/

Edited July 14 by itman
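
A detection-side counterpart to the rule quoted above, as an added example that is not part of the thread and not ESET's or Microsoft's own code: it flags Office applications spawning child processes in process-creation logs. The event field names (modelled on Sysmon process-creation events), the Office executable list, the allowlist entry and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: Office executables to treat as "Office applications" in this hunt.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "onenote.exe", "msaccess.exe"}

OFFICE_DIR = "C:\\Program Files\\Microsoft Office\\root\\Office16\\"
SYS32 = "C:\\Windows\\System32\\"

# Constructed sample events; not taken from any real incident.
SAMPLE_EVENTS = [
    {"host": "ws01", "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": OFFICE_DIR + "WINWORD.EXE", "CommandLine": "WINWORD.EXE /n report.docx"},
    {"host": "ws01", "ParentImage": OFFICE_DIR + "WINWORD.EXE",
     "Image": SYS32 + "cmd.exe", "CommandLine": "cmd.exe /c example"},
    {"host": "ws02", "ParentImage": OFFICE_DIR + "EXCEL.EXE",
     "Image": "C:\\Windows\\splwow64.exe", "CommandLine": "splwow64.exe 8192"},
    {"host": "ws03", "ParentImage": None,
     "Image": SYS32 + "WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe"},
    {"host": "ws04", "ParentImage": OFFICE_DIR.lower() + "powerpnt.exe",
     "Image": SYS32 + "rundll32.exe", "CommandLine": "rundll32.exe example.dll,Run"},
]


def exe_name(path):
    """Lower-cased file name of a Windows path; empty string if the field is missing."""
    return ntpath.basename(path or "").lower()


def office_child_processes(events, allow=frozenset()):
    """Return events where an Office application is the parent of a new process.

    `allow` holds (parent, child) executable-name pairs that were reviewed
    and accepted as benign in the environment being monitored.
    """
    hits = []
    for ev in events:
        parent = exe_name(ev.get("ParentImage"))
        child = exe_name(ev.get("Image"))
        if parent not in OFFICE_APPS or not child:
            continue  # Office as the child, or an unknown parent, is out of scope
        if (parent, child) in allow:
            continue
        hits.append({"host": ev.get("host"), "parent": parent,
                     "child": child, "cmdline": ev.get("CommandLine", "")})
    return hits


if __name__ == "__main__":
    for hit in office_child_processes(SAMPLE_EVENTS, allow={("excel.exe", "splwow64.exe")}):
        print(hit)
```

Running the hunt in report-only mode first shows which Office child processes are normal in an environment before a blocking rule is enforced.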

StevenShark, Posted July 20

On 7/14/2023 at 9:30 PM, Peter Randziak said: "Hello @Mohsen Ghaffari, we have detections in place for payloads used in exploitation of this vulnerability. Peter"

Hi @Peter Randziak,

can you please share a link to confirm that this vulnerability is covered by ESET?

Thank you

Marcos (Administrators), Posted July 20

ESET detects the payloads depending on their variants. The detections are:

- variant of Win32/Exploit.CVE-2017-0199 (document payloads)
- variants of Win64/Agent (RomCom backdoor)
- variants of Python/Impacket (Impacket framework)
- variants of Win32/Exploit.CVE-2017-0199 (XML payloads)