As per an urgent warning from the software company, Russian spies and cybercriminals actively exploit unaddressed security vulnerabilities in Microsoft Windows and Office products. In an uncommon move, Microsoft has identified “a series of vulnerabilities that allow remote code execution” affecting users of Windows and Office.
The company has confirmed that it has investigated several targeted attacks leveraging Microsoft Office documents. Microsoft’s security response team has assigned the identifier CVE-2023-36884 to the unpatched Office vulnerabilities and has hinted at the possibility of releasing an out-of-band patch before the upcoming Patch Tuesday next month.
This zero-day exploit in Microsoft Office adds to the extensive list of security flaws, with over 130 documented defects being addressed during this Patch Tuesday in the Microsoft Windows ecosystem.