Rewterz Threat Advisory – CVE-2023-36009 – Microsoft Word Vulnerability

Rewterz Threat Alert – APT37 Aka ScarCruft or RedEyes – Active IOCs

December 13, 2023

Rewterz Threat Advisory – Multiple Microsoft Dynamics 365 Vulnerabilities

December 13, 2023

Rewterz Threat Advisory – CVE-2023-36009 – Microsoft Word Vulnerability

Severity

Medium

Analysis Summary

CVE-2023-36009

Microsoft Word could allow a remote attacker to obtain sensitive information. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.

Impact

Information Disclosure

Indicators Of Compromise

CVE

CVE-2023-36009

Affected Vendors

Microsoft

Affected Products

Microsoft 365 Apps for Enterprise x32
Microsoft 365 Apps for Enterprise x64
Microsoft Office 2016 x32
Microsoft Office 2016 x64
Microsoft Office LTSC 2021 x32
Microsoft Office LTSC 2021 x64
Microsoft Office 2019 x32
Microsoft Office 2019 x64
Microsoft Office LTSC for Mac 2021

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

Microsoft Security Advisory

Rewterz Threat Alert – APT37 Aka ScarCruft or RedEyes – Active IOCs

Rewterz Threat Advisory – Multiple Microsoft Dynamics 365 Vulnerabilities

Rewterz Threat Advisory – CVE-2023-36009 – Microsoft Word Vulnerability

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan