MICROSOFT has warned about a zero-day vulnerability that is targeting users via Word documents.
Zero days are vulnerabilities that have not yet been patched or fixed by software developers.
1
This means they can be fully exploited in the wild by hackers and cybercriminals.
Microsoft revealed that this particular zero-day flaw is being tracked as CVE-2023-36884.
The campaign is currently targeting organizations and users with an interest in Ukraine.
Microsoft explained further on its blog: “Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America.
“The campaign involved the abuse of CVE-2023-36884, which included a remote code execution vulnerability exploited before disclosure to Microsoft via Word documents, using lures related to the Ukrainian World Congress.”
Storm-0978, also referred to as RomCom, is a cybercriminal group based out of Russia.
The group is known for carrying out ransomware and extortion operations.
This particular campaign is being disseminated via emails with attached malicious Word documents.
Most read in News Tech
In the emails, users might see Word documents disguised as news articles about Ukraine or other documents of interest to organizations.
HOW TO STAY SAFE
Microsoft recommends a number of tips to help users reduce the impact of this cyberattack.
First starters, organizations are advised to turn on cloud-delivered protection in Microsoft Defender Antivirus.
“Use Microsoft Defender for Office 365 for enhanced phishing protection and coverage against new threats and polymorphic variants,” the tech giant added.
Similarly, Defender for Office 365 users should ensure that Safe Attachments and Safe Links protection is enabled.
Microsoft 365 Defender users can also turn on attack surface reduction rules to prevent attacks.
“Customers who use Microsoft Defender for Office 365 are protected from attachments that attempt to exploit CVE-2023-36884,” Microsoft said.
“In addition, customers who use Microsoft 365 Apps (Versions 2302 and later) are protected from exploitation of the vulnerability via Office,” it added.
