Mohsen Ghaffari, posted July 14, 2023

Hello,

Microsoft has issued an advisory regarding the following 0day: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36884

Currently no patches are available, and Microsoft mentions that Windows Defender for Office can block the exploit. Any ESET update on the issue? Are ESET customers protected?

Thank you!

Peter Randziak (ESET Moderators), posted July 14, 2023, marked as Solution

Hello @Mohsen Ghaffari,

we have detections in place for payloads used in exploitation of this vulnerability.

Peter

itman, posted July 14, 2023 (edited July 14, 2023 by itman)

I will also note that if ESET recommended anti-ransomware HIPS rules are deployed in regards to MS Office apps, this vulnerability can't be exploited:

Quote: "In current attack chains, the use of the Block all Office applications from creating child processes attack surface reduction rule prevents the vulnerability from being exploited"

https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/

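Added example, not part of the thread and not ESET or Microsoft code: a small audit-style check that flags process-creation events whose parent is an Office application, the behaviour the attack surface reduction rule quoted above blocks. The Sysmon-style field names (ParentImage, Image, CommandLine), the list of Office executables and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: executable names of the Office applications to watch.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe",
                  "onenote.exe", "msaccess.exe"}


def exe_name(path):
    """Lower-cased file name of a Windows path; tolerates None, quotes, spaces."""
    return ntpath.basename((path or "").strip().strip('"')).lower()


def office_child_processes(events):
    """Return one record per event in which an Office app started a process."""
    hits = []
    for ev in events:
        parent = exe_name(ev.get("ParentImage"))
        child = exe_name(ev.get("Image"))
        if parent in OFFICE_PARENTS and child:
            hits.append({"parent": parent, "child": child,
                         "cmd": ev.get("CommandLine", "")})
    return hits


# Constructed sample events (not taken from any real incident).
SAMPLE_EVENTS = [
    # Office parent, shell child: should be flagged.
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c placeholder"},
    # Office is the child here, not the parent: should not be flagged.
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "WINWORD.EXE report.docx"},
    # Quoted parent path with mixed case: should still be flagged.
    {"ParentImage": r'"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"',
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "splwow64.exe 8192"},
    # Missing parent field: should be skipped without raising.
    {"ParentImage": None, "Image": r"C:\Windows\System32\svchost.exe"},
]

if __name__ == "__main__":
    for hit in office_child_processes(SAMPLE_EVENTS):
        print(f"{hit['parent']} -> {hit['child']}: {hit['cmd']}")
```

Like the rule itself, the check reports every child of an Office parent, so expect benign entries such as print helpers and tune an allow list against your own baseline before alerting on it.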
StevenShark, posted July 20, 2023

On 7/14/2023 at 9:30 PM, Peter Randziak said: "Hello @Mohsen Ghaffari, we have detections in place for payloads used in exploitation of this vulnerability. Peter"

Hi @Peter Randziak,

can you please share a link to confirm that this vulnerability is covered by ESET?

Thank you

Marcos (Administrators), posted July 20, 2023

ESET detects the payloads depending on their variants. The detections are:

- variant of Win32/Exploit.CVE-2017-0199 (document payloads)
- variants of Win64/Agent (RomCom backdoor)
- variants of Python/Impacket (Impacket framework)
- variants of Win32/Exploit.CVE-2017-0199 (XML payloads)