Rewterz Threat Advisory – CVE-2023-36413 – Microsoft Office Zero-Day Vulnerability

Rewterz Threat Update – North Korean-Based APT38 Targets IT Job Seekers

November 15, 2023

Rewterz Threat Advisory – Multiple Microsoft Windows Zero Day Vulnerabilities

November 15, 2023

Rewterz Threat Advisory – CVE-2023-36413 – Microsoft Office Zero-Day Vulnerability

Severity

Medium

Analysis Summary

CVE-2023-36413

Microsoft Office could allow a remote attacker to bypass security restrictions. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to bypass the Office Protected View and open in editing mode instead of protected mode.

Impact

Security Bypass

Indicators Of Compromise

CVE

CVE-2023-36413

Affected Vendors

Microsoft

Affected Products

Microsoft Office 2016 x32
Microsoft Office 2016 x64
Microsoft Office 2019 x32
Microsoft Office 2019 x64
Microsoft 365 Apps for Enterprise x32
Microsoft 365 Apps for Enterprise x64
Microsoft Office LTSC 2021 x32
Microsoft Office LTSC 2021 x64

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

Microsoft Security TechCenter

Rewterz Threat Update – North Korean-Based APT38 Targets IT Job Seekers

Rewterz Threat Advisory – Multiple Microsoft Windows Zero Day Vulnerabilities

Rewterz Threat Advisory – CVE-2023-36413 – Microsoft Office Zero-Day Vulnerability

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan