Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
CVE-2023-36884 is a high severity vulnerability with a CVSS score of 7.5. Exploits are available; patches have been released and should be applied urgently. This is classified as a zero-day vulnerability.
Very high probability of exploitation in the next 30 days
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents.
An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This might include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Please see the Microsoft Threat Intelligence Blog https://aka.ms/Storm-0978 Entry for important information about steps you can take to protect your system from this vulnerability.
This CVE will be updated with new information and links to security updates when they become available.
| Vendor | Product |
|---|---|
| Microsoft | Windows 10 21h2 |
| Microsoft | Windows 10 1809 |
| Microsoft | Windows Server 2012 |
| Microsoft | Windows Server 2022 |
| Microsoft | Windows Server 2016 |
| Microsoft | Windows 11 21h2 |
| Microsoft | Windows Server 2008 |
| Microsoft | Windows 10 1507 |
| Microsoft | Windows 11 22h2 |
| Microsoft | Windows 10 1607 |
And 2 more...
Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.