{"vulnerability": "CVE-2023-36884", "sightings": [{"uuid": "519beab1-a6b5-4deb-b0c5-badd516215a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "MISP/99d70534-49a1-4920-887e-938c4ae37479", "content": "", "creation_timestamp": "2023-08-16T14:44:11.000000Z"}, {"uuid": "f8c52759-3c78-417e-be0c-357f254fe800", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-07-18T00:10:02.000000Z"}, {"uuid": "9e09e9ec-8906-4065-a00a-b5e55cbafbd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "MISP/cf410edf-b437-4efa-841f-6106f07454bb", "content": "", "creation_timestamp": "2023-10-15T09:44:42.000000Z"}, {"uuid": "3cb4e30d-e52e-409c-9b8b-c7fb9f9d171a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://bsky.app/profile/securityaura.bsky.social/post/3lfgrcqvxs22q", "content": "", "creation_timestamp": "2025-01-11T03:29:20.909362Z"}, {"uuid": "ee5bcd5e-ef56-43ce-bd9b-3b46e28d9c9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971858", "content": "", "creation_timestamp": "2024-12-24T20:34:54.892693Z"}, {"uuid": "af734699-2ae2-41b7-901f-72d0215d830d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://bsky.app/profile/jtlenaghan.bsky.social/post/3lf46sysssj26", "content": "", "creation_timestamp": "2025-01-06T22:31:53.648606Z"}, {"uuid": "95764a7d-65da-4e5a-8f10-2c03ab0cd2c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "MISP/cf410edf-b437-4efa-841f-6106f07454bb", "content": "", "creation_timestamp": "2025-07-06T22:17:39.000000Z"}, {"uuid": "b6fb5f0e-2a04-4d79-9601-422cc298eb3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:44.000000Z"}, {"uuid": "203c1ad4-9bed-4106-9c09-24776f6d23d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lwavijsimk2b", "content": "", "creation_timestamp": "2025-08-13T03:36:44.713746Z"}, {"uuid": "6c9e0add-c5a0-4d5b-bd2f-14432461f83f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/115015637473275530", "content": "", "creation_timestamp": "2025-08-12T11:49:11.474996Z"}, {"uuid": "ee38ad9e-0c8e-45c6-a7d6-bc6574fb7d8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://threatintel.cc/2025/08/12/update-winrar-tools-now-romcom.html", "content": "", "creation_timestamp": "2025-08-12T09:49:06.000000Z"}, {"uuid": "5bb2bd70-c90b-4ec5-a0f8-2c4a6d8e092a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://gist.github.com/zredlined/44192ca592721f64cf684ea0019540d0", "content": "", "creation_timestamp": "2025-08-18T15:53:12.000000Z"}, {"uuid": "7734308c-46f5-4a54-a8c2-3c398f46b3ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-1fdfda19-2805a58255f192e9", "content": "", "creation_timestamp": "2026-03-06T10:29:26.675490Z"}, {"uuid": "079e1976-197b-477a-96c8-6464021468d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mdzsnledd72e", "content": "", "creation_timestamp": "2026-02-04T11:49:47.801174Z"}, {"uuid": "5eaa413e-8d98-4b6b-8cbc-16302338dc3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-36884", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/9da7409c-1f3f-44e3-ac8a-c2efd24e7882", "content": "", "creation_timestamp": "2026-02-02T12:26:54.744033Z"}, {"uuid": "a40e89ec-868a-409b-bb5b-69984fa02b63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "MISP/99d70534-49a1-4920-887e-938c4ae37479", "content": "", "creation_timestamp": "2026-02-08T06:29:19.000000Z"}, {"uuid": "0cee19f5-bb1a-4415-8d1c-110763d2a27b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1062", "content": "", "creation_timestamp": "2023-07-12T04:00:00.000000Z"}, {"uuid": "3c757e11-fddc-4462-a715-20ab256707c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1086", "content": "", "creation_timestamp": "2023-08-10T04:00:00.000000Z"}, {"uuid": "f7e23195-dca7-4e00-a0de-2479c2e16e32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/fdda4963-0aa7-4d15-8a8f-969db8f304ca", "content": "", "creation_timestamp": "2025-02-28T23:49:13.272798Z"}, {"uuid": "f3f2b868-40b6-43f9-a149-fbdb012fe1f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4748", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aRecent Campaign abusing CVE-2023-36884\nURL\uff1ahttps://github.com/deepinstinct/Storm0978-RomCom-Campaign\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-07-13T13:12:03.000000Z"}, {"uuid": "034dd738-780c-4527-9b26-78bc6c8c3f73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5380", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aMS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit\nURL\uff1ahttps://github.com/jakabakos/CVE-2023-36884-MS-Office-HTML-RCE\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2023-10-12T07:15:13.000000Z"}, {"uuid": "ee73870c-be80-4827-a4c3-a6cb893baa47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4762", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aScript to check for CVE-2023-36884\nURL\uff1ahttps://github.com/tarraschk/CVE-2023-36884-Checker\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-07-17T14:11:42.000000Z"}, {"uuid": "b4a7ec81-7036-455c-9e98-eec14af770af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4765", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-36884 \u4e34\u65f6\u8865\u4e01\nURL\uff1ahttps://github.com/or2me/CVE-2023-36884_patcher\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-07-18T06:30:53.000000Z"}, {"uuid": "d9d85177-9405-492e-a71c-5e32246bc01f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "exploited", "source": "https://t.me/BleepingComputer/17733", "content": "\u200aMicrosoft Office update breaks actively exploited RCE attack chain\n\nMicrosoft today released a defense-in-depth update for Microsoft Office that prevents exploitation of a remote code execution (RCE) vulnerability tracked as CVE-2023-36884 that threat actors have already leveraged in attacks. [...]\n\nhttps://www.bleepingcomputer.com/news/security/microsoft-office-update-breaks-actively-exploited-rce-attack-chain/", "creation_timestamp": "2023-08-08T23:30:05.000000Z"}, {"uuid": "64f22f6b-57ff-452d-aa25-0b63008a7adb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "exploited", "source": "https://t.me/itsec_news/3045", "content": "\u200b\u26a1\ufe0f\u0421\u0432\u0435\u0436\u0438\u0439 Patch Tuesday \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 87 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 Windows \u0438 \u043f\u0440\u043e\u0447\u0438\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Microsoft.\n\n\ud83d\udcac \n\u0412\u0447\u0435\u0440\u0430 Microsoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Windows \u0438 \u0440\u044f\u0434\u0430 \u043f\u0440\u043e\u0447\u0435\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 Patch Tuesday \u0438\u043b\u0438 \u00ab\u0432\u0442\u043e\u0440\u043d\u0438\u043a\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439\u00bb \u2014 \u043a\u0440\u0443\u043f\u043d\u043e\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432\u044b\u0445\u043e\u0434\u044f\u0449\u0435\u0433\u043e \u043e\u0431\u044b\u0447\u043d\u043e \u0432\u043e \u0432\u0442\u043e\u0440\u043e\u0439 \u0432\u0442\u043e\u0440\u043d\u0438\u043a \u043a\u0430\u0436\u0434\u043e\u0433\u043e \u043c\u0435\u0441\u044f\u0446\u0430.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0437\u0430 \u0430\u0432\u0433\u0443\u0441\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 87 \u043e\u0448\u0438\u0431\u043e\u043a \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f 2 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0435 \u0438 23 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430, \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043b\u0438\u0448\u044c 6 Microsoft \u043e\u0446\u0435\u043d\u0438\u043b\u0430 \u043a\u0430\u043a \u00ab\u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435\u00bb.\n\n\u041a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043a\u0430\u0436\u0434\u043e\u0439 \u043a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u0438 \u0443\u043a\u0430\u0437\u0430\u043d\u043e \u043d\u0438\u0436\u0435:\n18 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n3 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u0441\u0438\u0441\u0442\u0435\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438;\n23 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430;\n10 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438;\n8 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0442\u0438\u043f\u0430 \u00ab\u041e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438\u00bb;\n12 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0441\u043f\u0443\u0444\u0438\u043d\u0433\u0430.\n\u042d\u0442\u043e\u0442 \u0441\u043f\u0438\u0441\u043e\u043a \u043d\u0435 \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0434\u0432\u0435\u043d\u0430\u0434\u0446\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 Microsoft Edge \u043d\u0430 Chromium, \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0440\u0430\u043d\u0435\u0435 \u0432 \u044d\u0442\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0435.\n\n\u0414\u0432\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\n\u0412 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u043c Patch Tuesday, \u043f\u043e\u043c\u0438\u043c\u043e \u043f\u0440\u043e\u0447\u0435\u0433\u043e, \u0431\u044b\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f, \u043e\u0431\u0435 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445.\n\n\u0421\u0430\u043c\u0430 Microsoft \u043a\u043b\u0430\u0441\u0441\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442 \u00ab\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f\u00bb, \u043a\u0430\u043a \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0443\u044e \u0438\u043b\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0435\u0437 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u0414\u0432\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0432 \u043a\u0440\u0430\u0439\u043d\u0435\u043c Patch Tuesday, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435:\n\n\u2022 ADV230003 \u2014 \u0443\u0433\u043b\u0443\u0431\u043b\u0435\u043d\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Microsoft Office Defense \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0440\u0430\u043d\u0435\u0435 \u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 CVE-2023-36884 . \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0445\u0430\u043a\u0435\u0440\u0430\u043c \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b Microsoft Office, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u043b\u0438 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0442\u044c\u0441\u044f \u0431\u0435\u0437 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430.\n\n\u2022 CVE-2023-38180 \u2014 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u043a\u0430\u0437\u043e\u043c \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0432 .NET \u0438 Visual Studio, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f DoS-\u0430\u0442\u0430\u043a.\n\n\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f\u043c \u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0432 \u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u043c \u043f\u043e\u0440\u044f\u0434\u043a\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Patch Tuesday, \u0435\u0441\u043b\u0438 \u044d\u0442\u043e \u043d\u0435 \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u043b\u043e \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438. \u042d\u0442\u043e \u043f\u043e\u043c\u043e\u0436\u0435\u0442 \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0440\u0438\u0441\u043a\u0438 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0438 \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043f\u043e\u0442\u0435\u0440\u044e \u0432\u0430\u0436\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0438 \u043d\u0435 \u0434\u0440\u0435\u043c\u043b\u044e\u0442, \u0438 \u043b\u044e\u0431\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438. \u0420\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u2014 \u044d\u0442\u043e \u0442\u043e \u043d\u0435\u043c\u043d\u043e\u0433\u043e\u0435, \u0447\u0442\u043e \u043c\u044b \u043c\u043e\u0436\u0435\u043c \u0441\u0434\u0435\u043b\u0430\u0442\u044c, \u0447\u0442\u043e\u0431\u044b \u0445\u043e\u0442\u044c \u043a\u0430\u043a-\u0442\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044e \u0438 \u043d\u0435 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0432\u0437\u043b\u043e\u043c\u0430 \u043d\u0430\u0448\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-08-09T12:30:05.000000Z"}, {"uuid": "1d4d6f30-de4c-4a41-bfad-fd5f91728aff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "exploited", "source": "https://t.me/itsec_news/4848", "content": "\u200b\u26a1\ufe0fAPT-\u0430\u0442\u0430\u043a\u0430 \u043a\u043e\u043c\u0431\u0438\u043d\u0438\u0440\u0443\u0435\u0442 Zero-day \u0438 Zero-click \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430\u0445 Firefox \u0438 Tor\n\n\ud83d\udcac \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 ESET \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0440\u0430\u043d\u0435\u0435 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Mozilla, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445. \u042d\u0442\u043e \u0443\u0436\u0435 \u0432\u0442\u043e\u0440\u043e\u0439 \u0441\u043b\u0443\u0447\u0430\u0439 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432: \u0440\u0430\u043d\u0435\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2023-36884 \u0432 Microsoft Word \u0431\u044b\u043b\u0430 \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u0430\u0442\u0430\u043a.\n\n\u041d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2024-9680 \u0438 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9.8, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u043c \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Firefox, Thunderbird \u0438 Tor Browser. \u0421\u043e\u0447\u0435\u0442\u0430\u043d\u0438\u0435 \u0441 \u0434\u0440\u0443\u0433\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u0432 Windows (CVE-2024-49039, CVSS 8.8) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u0439\u0442\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0442\u0435\u043a\u0443\u0449\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. \u0414\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043f\u043e\u0441\u0435\u0442\u0438\u043b \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0443\u044e \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0443, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442\u0441\u044f \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f.\n\n\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u043b\u043e 8 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430. \u0410\u043d\u0430\u043b\u0438\u0437 \u043f\u043e\u043a\u0430\u0437\u0430\u043b, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Mozilla \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u0442\u0438\u043f\u0430 use-after-free \u0432 \u0430\u043d\u0438\u043c\u0430\u0446\u0438\u0438, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u0434. \u0423\u0436\u0435 9 \u043e\u043a\u0442\u044f\u0431\u0440\u044f Mozilla \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0432\u0448\u0438\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443. \u0414\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0431\u044b\u043b \u0432\u044b\u044f\u0432\u043b\u0435\u043d \u0431\u0430\u0433 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Windows Task Scheduler, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b \u0432\u044b\u0439\u0442\u0438 \u0438\u0437 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430. Microsoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 12 \u043d\u043e\u044f\u0431\u0440\u044f.\n\n\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u043a\u043b\u044e\u0447\u0430\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0444\u0435\u0439\u043a\u043e\u0432\u044b\u0445 \u0441\u0430\u0439\u0442\u043e\u0432, \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0445 \u0436\u0435\u0440\u0442\u0432 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0441 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c\u0438. \u041f\u043e\u0441\u043b\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u043b\u0441\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0438 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043c\u043e\u0434\u0443\u043b\u0438.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u0430\u043d\u0430\u043b\u0438\u0437\u0430, \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435-\u043d\u043e\u044f\u0431\u0440\u0435 2024 \u0433\u043e\u0434\u0430 \u0430\u0442\u0430\u043a\u0438 \u0431\u044b\u043b\u0438 \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u043d\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0432 \u0415\u0432\u0440\u043e\u043f\u0435 \u0438 \u0421\u0435\u0432\u0435\u0440\u043d\u043e\u0439 \u0410\u043c\u0435\u0440\u0438\u043a\u0435. \u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-9680, \u0440\u0430\u0431\u043e\u0442\u0430\u043b \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430\u0445 Firefox \u0438 Tor, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u043c \u043a\u043b\u0438\u0435\u043d\u0442\u0435 Thunderbird. \u041f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u0430 \u044d\u0442\u0438\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u043f\u0440\u0435\u043e\u0434\u043e\u043b\u0435\u0432\u0430\u043b\u0430\u0441\u044c \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Windows.\n\n\u0414\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 Mozilla \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0432\u0441\u0435\u0445 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u0441\u0432\u043e\u0438\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432. \u0412\u0435\u0440\u0441\u0438\u0438 \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 Firefox 131.0.2, Thunderbird 115.16 \u0438 Tor Browser 13.5.7.\n\n\u0410\u0442\u0430\u043a\u0430 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u0435\u0442 \u0432\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043a\u0438 \u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u043a\u043e\u043c\u0431\u0438\u043d\u0430\u0446\u0438\u044e \u0434\u0432\u0443\u0445 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0437\u0430\u0449\u0438\u0442\u044b. \u0411\u044b\u0441\u0442\u0440\u043e\u0442\u0430 \u0440\u0435\u0430\u043a\u0446\u0438\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u0438 \u0432\u044b\u043f\u0443\u0441\u043a \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0432 \u043a\u0440\u0430\u0442\u0447\u0430\u0439\u0448\u0438\u0435 \u0441\u0440\u043e\u043a\u0438 \u0441\u0442\u0430\u043b\u0438 \u043a\u043b\u044e\u0447\u0435\u0432\u044b\u043c \u0444\u0430\u043a\u0442\u043e\u0440\u043e\u043c \u0441\u043d\u0438\u0436\u0435\u043d\u0438\u044f \u0443\u0433\u0440\u043e\u0437\u044b.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-11-28T10:58:49.000000Z"}, {"uuid": "189308aa-8ac6-4428-8c4e-be01b9b8652d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "exploited", "source": "https://t.me/BleepingComputer/17726", "content": "Latest news and stories from BleepingComputer.com\nMicrosoft Office update breaks actively exploited RCE attack chain\n\nMicrosoft today released a defense-in-depth update for Microsoft Office that prevents exploitation of a remote code execution (RCE) vulnerability tracked as CVE-2023-36884 that threat actors have already leveraged in attacks. [...]", "creation_timestamp": "2023-08-08T21:08:19.000000Z"}, {"uuid": "de069b66-f032-4f1d-808e-6b362a8dc8ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "exploited", "source": "https://t.me/alexmakus/5099", "content": "\u0443 Microsoft \u0432\u0447\u0435\u0440\u0430 \u0431\u044b\u043b Patch Tuesday \u0434\u043b\u044f \u0430\u0432\u0433\u0443\u0441\u0442\u0430, 87 \u0444\u0438\u043a\u0441\u043e\u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0434\u0432\u0435, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438\u0441\u044c, \u0438 23 RCE. \n\nhttps://msrc.microsoft.com/update-guide/releaseNote/2023-Aug\n\nADV230003 -\u00a0Microsoft Office Defense in Depth Update (publicly disclosed)\nMicrosoft has released an Office Defense in Depth update to fix a\u00a0patch bypass of the previously mitigated and actively exploited CVE-2023-36884 remote code execution flaw.\nThe\u00a0CVE-2023-36884 flaw allowed threat actors to create specially crafted Microsoft Office documents that could bypass the Mark of the Web (MoTW) security feature, causing files to be opened without displaying a security warning and perform remote code execution.\nThe vulnerability was actively exploited by the RomCom hacking group, who was previously known to deploy the\u00a0Industrial Spy ransomware\u00a0in attacks. The ransomware operation has since rebranded as 'Underground,' under which they continue to extort victims.\nThe flaw was discovered by\u00a0Paul Rascagneres and Tom Lancaster with Volexity.\n\nCVE-2023-38180 - .NET and Visual Studio Denial of Service Vulnerability\nMicrosoft has fixed an actively exploited vulnerability that can cause a DoS attack on .NET applications and Visual Studio.\nUnfortunately, Microsoft did not share any additional details on how this flaw was used in attacks and did not disclose who discovered the vulnerability.", "creation_timestamp": "2023-08-09T14:05:26.000000Z"}, {"uuid": "cfe6f600-1c9a-49cb-8bbc-7ee508b463a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://t.me/kasperskyb2b/746", "content": "\ud83d\udcbb \u0418\u044e\u043b\u044c\u0441\u043a\u0438\u0439 \u0432\u0442\u043e\u0440\u043d\u0438\u043a \u043f\u0430\u0442\u0447\u0435\u0439 Microsoft: \ud83d\udfe5\ud83d\udfe9\ud83d\udcdb\u0436\u0430\u0440\u0430!\n\n\u041e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 \u043f\u0430\u043a\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 Microsoft \u043b\u0430\u0442\u0430\u0435\u0442 132 \u0434\u044b\u0440\u044b \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 \u0438\u0437 \u0420\u0435\u0434\u043c\u043e\u043d\u0434\u0430. 9 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u0440\u0438\u0437\u043d\u0430\u043d\u044b \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438, 6 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0434\u043b\u044f \u0434\u0432\u0443\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e, \u0430 \u043d\u0435 \u043f\u0440\u043e\u0441\u0442\u043e \u043f\u0430\u0442\u0447.   37 \u043e\u0448\u0438\u0431\u043e\u043a \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0442 \u043a \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430, 33 \u2014 \u043a \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044e \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, 13 \u2014 \u043e\u0431\u0445\u043e\u0434\u0443 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, 22 \u2014 \u043e\u0442\u043a\u0430\u0437\u0443 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438. \u0411\u043e\u0433\u0430\u0442\u043e.\n\n\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u0430\u044f \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 Storm-0978/RomCom  RCE \u0432 Office \u0438 Windows (CVE-2023-36884, CVSS 8.3) \u043d\u0435 \u0443\u0441\u043f\u0435\u043b\u0430 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u043e\u0446\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u0430\u0442\u0447\u0430. \u0420\u0435\u0434\u043c\u043e\u043d\u0434 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u043e \u043c\u0438\u0442\u0438\u0433\u0430\u0446\u0438\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0438\u0435 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0432\u0441\u0435\u0445 \u0438\u0441\u043f\u043e\u043b\u043d\u0438\u043c\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 Office \u0432 \u0441\u043f\u0438\u0441\u043e\u043a FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION. \u0412\u0435\u0441\u044c\u043c\u0430 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0447\u0442\u043e \u043f\u0430\u0442\u0447 \u0431\u0443\u0434\u0435\u0442 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u0443\u0449\u0435\u043d \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0434\u0435\u043b\u044e-\u0434\u0440\u0443\u0433\u0443\u044e, \u043d\u0435 \u0434\u043e\u0436\u0438\u0434\u0430\u044f\u0441\u044c \u0430\u0432\u0433\u0443\u0441\u0442\u0430.\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u043d\u0435 CVE, \u0430 \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e \u0441 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u043c\u0438 (ADV-230001), \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0441\u044f \u043a \u043f\u043e\u0434\u043f\u0438\u0441\u0438 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432 \u0443\u0440\u043e\u0432\u043d\u044f \u044f\u0434\u0440\u0430. \u042d\u0442\u043e \u0435\u0449\u0451 \u043e\u0434\u0438\u043d \u043f\u043e\u0432\u043e\u0440\u043e\u0442 \u0432 \u0441\u0430\u0433\u0435 \u043e\u0431 \u00ab\u0443\u0431\u0438\u0439\u0446\u0430\u0445 EDR\u00bb \u0438 \u0440\u0443\u0442\u043a\u0438\u0442\u0430\u0445.  \u0420\u0435\u0434\u043c\u043e\u043d\u0434 \u043e\u0442\u043e\u0437\u0432\u0430\u043b \u043f\u0430\u0447\u043a\u0443 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 APT \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 \u0438 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043b \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u044b, \u043d\u043e \u043d\u0435 \u0440\u0435\u0448\u0438\u043b \u043e\u0441\u043d\u043e\u0432\u043d\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443. \u0425\u0430\u043a\u0435\u0440\u044b \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u0443\u043c\u0443\u0434\u0440\u044f\u044e\u0442\u0441\u044f \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u044b \u0443 Microsoft \u0438\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0442\u0440\u044e\u043a \u0441 \u043f\u043e\u0434\u043f\u0438\u0441\u044c\u044e \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 \u0437\u0430\u0434\u043d\u0438\u043c \u0447\u0438\u0441\u043b\u043e\u043c, \u0447\u0442\u043e\u0431\u044b \u043e\u043d \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u043b \u043f\u043e \u043e\u0434\u043d\u043e\u043c\u0443 \u0438\u0437 \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439 \u0438 \u043d\u0435 \u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043b \u043f\u043e\u0434\u043f\u0438\u0441\u0438 \u043d\u0430 MS Developers Portal. \u0414\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b Microsoft \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c  Windows \u0438 EDR \u043e\u0431\u043d\u043e\u0432\u043b\u0451\u043d\u043d\u044b\u043c\u0438 \ud83e\udd78. \u0415\u0434\u0438\u043d\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0435 \u0441\u043b\u0430\u0431\u043e\u0435 \u0443\u0442\u0435\u0448\u0435\u043d\u0438\u0435 \u0441\u043e\u0441\u0442\u043e\u0438\u0442 \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0442\u0430\u043a\u0438\u0445 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u0434\u043e\u043b\u0436\u0435\u043d \u0438\u043c\u0435\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430. \n\n\u0414\u0440\u0443\u0433\u0438\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0435 \u0431\u0430\u0433\u0438 \u0432 \u044d\u0442\u043e\u043c \u043f\u0430\u043a\u0435\u0442\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439:\n\nCVE-2023-32049 \u2014 \u043e\u0431\u0445\u043e\u0434 \u0444\u0438\u0447 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0444\u0430\u0439\u043b \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0445 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0431\u0435\u0437 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f Windows \u00ab\u0444\u0430\u0439\u043b \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d \u0438\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430\u00bb.\nCVE-2023-32046 \u2014 EoP \u0432 MSHTML. \nCVE-2023-36874 \u2014 EoP \u0432 Windows Error reporting service. \u0410\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438, \u0435\u0441\u043b\u0438 \u0443 \u043d\u0438\u0445 \u0435\u0441\u0442\u044c \u043e\u0431\u044b\u0447\u043d\u044b\u0435 \u043f\u0440\u0430\u0432\u0430 \u043d\u0430 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u043f\u0430\u043f\u043e\u043a \u0438 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438.\nCVE-2023-35311 \u2014 \u043e\u0431\u0445\u043e\u0434 \u0444\u0438\u0447 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 Outlook, \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u043d\u0435 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0430\u044e\u0442\u0441\u044f \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0436\u0435\u0434\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u041f\u043e\u043a\u0430 \u043d\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f, \u043d\u043e \u0432\u0435\u0441\u044c\u043c\u0430 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u0431\u0443\u0434\u0443\u0442 \u0432 \u0431\u0443\u0434\u0443\u0449\u0435\u043c  RCE \u0432 Sharepoint server (CVE-2023-33160, CVSS 8.8) \u0438 \u043d\u0438\u0448\u0435\u0432\u0430\u044f, \u043d\u043e \u0432\u0435\u0441\u044c\u043c\u0430 \u043e\u043f\u0430\u0441\u043d\u0430\u044f RCE \u0432 Microsoft message queuing (CVE-2023-32057, CVSS 9.8).\n\n\u041f\u043e\u043b\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435\u0439 \u0442\u0440\u0430\u0434\u0438\u0446\u0438\u043e\u043d\u043d\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0437\u0434\u0435\u0441\u044c.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2023-07-12T09:42:06.000000Z"}, {"uuid": "fda46484-9ddc-4423-b0fa-cbe681dbc149", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://t.me/kasperskyb2b/792", "content": "\ud83d\udcbb\ud83d\udfe1 \u0418\u0437 87 \u043f\u0430\u0442\u0447\u0435\u0439 Microsoft, \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u0430 \u0437\u0430\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u0435\u0442 \u0440\u0430\u0437\u0432\u0438\u0442\u0438\u0435 \u0441\u043e\u0431\u044b\u0442\u0438\u0439 \u0432\u043e\u043a\u0440\u0443\u0433 CVE-2023-36884. \u0418\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u0430\u043d\u043e\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043a\u0430\u043a RCE  \u0432 Office \u0438 Windows HTML, \u043e\u043d\u0430 \u0431\u044b\u043b\u0430 \u043f\u0435\u0440\u0435\u043a\u0432\u0430\u043b\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Windows Search. \u0415\u0451 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0431\u043e\u0439\u0442\u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c MotW, \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043e\u0444\u0438\u0441\u043d\u044b\u0439 \u0444\u0430\u0439\u043b \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0431\u0435\u0437 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0439. \u0414\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0431\u044b\u043b\u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Windows, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Office (ADV230003), \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0440\u0435\u0440\u0432\u0430\u0442\u044c \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0445. \u041d\u0430\u043f\u043e\u043c\u043d\u0438\u043c, \u0447\u0442\u043e \u044d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044f\u043c\u0438 RomCom.\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u2014 CVE-2023-38180 (CVSS 7.5) \u0432 .NET \u0438 Visual Studio, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0430\u044f \u043a DoS. \u0420\u0435\u0434\u043c\u043e\u043d\u0434 \u043d\u0435 \u043f\u0440\u0438\u0432\u0451\u043b \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u0435\u0442\u0430\u043b\u0435\u0439 \u043e \u0442\u043e\u043c, \u043a\u0442\u043e \u0438 \u043a\u0430\u043a \u044d\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b \u044d\u0442\u043e\u0442 \u0431\u0430\u0433.\n\n\u0412\u0441\u0435\u0433\u043e Microsoft \u0437\u0430\u043a\u0440\u044b\u043b\u0430 23 RCE, 18 EoP, 3 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441 \u043e\u0431\u0445\u043e\u0434\u043e\u043c \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, 10 \u2014 \u0440\u0430\u0437\u0433\u043b\u0430\u0448\u0435\u043d\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, 8 DoS \u0438 12 spoofing. \n\n\u0418\u0437 \u0448\u0435\u0441\u0442\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0434\u0432\u0435 \u043e\u0442\u043d\u043e\u0441\u044f\u0442\u0441\u044f \u043a Teams (CVE-2023-29330 \u0438 -29328) \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434, \u0435\u0441\u043b\u0438 \u0436\u0435\u0440\u0442\u0432\u0430 \u043f\u0440\u0438\u0441\u043e\u0435\u0434\u0438\u043d\u0438\u0442\u0441\u044f \u043a \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0432\u0441\u0442\u0440\u0435\u0447\u0435. \u0415\u0449\u0451 \u043e\u0434\u043d\u0430 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f RCE \u0432 Outlook, \u0430 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u0442\u0440\u0438 \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0442 \u043a \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0447\u0435\u0440\u0435\u0437  Microsoft Message Queuing (CVE-2023-36911, -36910, -35385, \u0432\u0441\u0435 CVSS 9.8). \u0412\u0441\u0435\u0433\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u044d\u0442\u043e\u043c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e 11 \u0448\u0442\u0443\u043a, \u0447\u0442\u043e \u044f\u0432\u043d\u043e \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u044b\u0439 \u0438\u043d\u0442\u0435\u0440\u0435\u0441 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0441\u043a\u043e\u0440\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.  \u0422\u0435\u043c, \u0443 \u043a\u043e\u0433\u043e \u0432 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435 \u0440\u0435\u0430\u043b\u044c\u043d\u043e \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u0441\u043b\u0443\u0436\u0431\u0430 MMQ, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f  \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u043b\u0438 \u0441\u0442\u0440\u043e\u0433\u043e \u0440\u0435\u0433\u043b\u0430\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c TCP-\u0442\u0440\u0430\u0444\u0438\u043a \u043d\u0430 \u043f\u043e\u0440\u0442\u0443 1801 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043c\u0435\u0440\u044b \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044f.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2023-08-09T10:07:43.000000Z"}, {"uuid": "5212c147-e7e7-4b9d-8641-0474a7bdb3ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "exploited", "source": "https://t.me/HackingVidhya/206", "content": "#Malware_analysis\nUnderground Ransomware deployed by Storm-0978 that exploited CVE-2023-36884", "creation_timestamp": "2023-08-17T11:50:22.000000Z"}, {"uuid": "be38c5f4-9f99-4f66-aae0-217698a33342", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "exploited", "source": "https://t.me/ctinow/123709", "content": "https://ift.tt/IeAVM1z\nUnpatched Office Zero-Day CVE-2023-36884 Actively Exploited in Targeted Attacks", "creation_timestamp": "2023-07-13T17:52:07.000000Z"}, {"uuid": "271f78b0-9a1f-4dcc-ad57-14c2b0051686", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "exploited", "source": "https://t.me/ctinow/123256", "content": "https://ift.tt/WPCvEfa\nUnpatched Office zero-day CVE-2023-36884 actively exploited in targeted attacks", "creation_timestamp": "2023-07-12T09:56:39.000000Z"}, {"uuid": "3776f2a5-50a4-4def-b25d-c526d623458e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://t.me/ctinow/123163", "content": "https://ift.tt/Cid7tWc\nMicrosoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884)", "creation_timestamp": "2023-07-11T21:56:22.000000Z"}, {"uuid": "45f9ec41-ec8a-4d68-8096-33f248a3fa15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://t.me/ctinow/126521", "content": "https://ift.tt/hUmEKBk\nCyber Storm Unleashed: Unmasking STORM-0978\u2019s Exploitation of the CVE-2023-36884 Vulnerability", "creation_timestamp": "2023-07-27T03:46:33.000000Z"}, {"uuid": "36ad8d02-ce2d-4b6e-8750-484b8ead17c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "exploited", "source": "https://t.me/kwulu/940", "content": "\u0639\u0627\u062c\u0644! \n\u062d\u0645\u0644\u0629 PEAPOD \u0627\u0644\u062c\u062f\u064a\u062f\u0629 \u0644\u0644\u0647\u062c\u0648\u0645 \u0627\u0644\u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a \u062a\u0633\u062a\u0647\u062f\u0641 \u0627\u0644\u0642\u064a\u0627\u062f\u0627\u062a \u0627\u0644\u0633\u064a\u0627\u0633\u064a\u0629 \u0627\u0644\u0646\u0633\u0627\u0626\u064a\u0629. \n\u0627\u0644\u062a\u0627\u0631\u064a\u062e: 13 \u0643\u062a\u0648\u0628\u0631 2023 \n\u0628\u0631\u0632 \u0627\u0644\u0623\u0641\u0631\u0627\u062f \u0627\u0644\u0639\u0633\u0643\u0631\u064a\u0648\u0646 \u0648\u0627\u0644\u0642\u0627\u062f\u0629 \u0627\u0644\u0633\u064a\u0627\u0633\u064a\u0648\u0646 \u0641\u064a \u0627\u0644\u0627\u062a\u062d\u0627\u062f \u0627\u0644\u0623\u0648\u0631\u0648\u0628\u064a \u0627\u0644\u0630\u064a\u0646 \u064a\u0639\u0645\u0644\u0648\u0646 \u0641\u064a \u0645\u0628\u0627\u062f\u0631\u0627\u062a \u0627\u0644\u0645\u0633\u0627\u0648\u0627\u0629 \u0628\u064a\u0646 \u0627\u0644\u062c\u0646\u0633\u064a\u0646 \u0643\u0647\u062f\u0641 \u0644\u062d\u0645\u0644\u0629 \u062c\u062f\u064a\u062f\u0629 \u062a\u0642\u062f\u0645 \u0646\u0633\u062e\u0629 \u0645\u062d\u062f\u062b\u0629 \u0645\u0646 RomCom RAT \u062a\u0633\u0645\u0649 PEAPOD. \u0648\u0623\u0631\u062c\u0639\u062a \u0634\u0631\u0643\u0629 \u0627\u0644\u0623\u0645\u0646 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a Trend Micro \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0625\u0644\u0649 \u0645\u0645\u062b\u0644 \u062a\u0647\u062f\u064a\u062f \u062a\u062a\u0639\u0642\u0628\u0647 \u062a\u062d\u062a \u0627\u0633\u0645 Void Rabisu\u060c \u0648\u0627\u0644\u0630\u064a \u064a\u064f\u0639\u0631\u0641 \u0623\u064a\u0636\u064b\u0627 \u0628\u0627\u0633\u0645 Storm-0978 \u0648Tropical Scorpius \u0648UNC2596\u060c \u0648\u064a\u064f\u0639\u062a\u0642\u062f \u0623\u064a\u0636\u064b\u0627 \u0623\u0646\u0647 \u0645\u0631\u062a\u0628\u0637 \u0628\u0628\u0631\u0627\u0645\u062c \u0627\u0644\u0641\u062f\u064a\u0629 \u0627\u0644\u0643\u0648\u0628\u064a\u0629. \u062a\u0639\u062a\u0628\u0631 \u0627\u0644\u0645\u062c\u0645\u0648\u0639\u0629 \u0627\u0644\u0645\u0639\u0627\u062f\u064a\u0629 \u0645\u062c\u0645\u0648\u0639\u0629 \u063a\u064a\u0631 \u0639\u0627\u062f\u064a\u0629 \u0625\u0644\u0649 \u062d\u062f \u0645\u0627 \u0645\u0646 \u062d\u064a\u062b \u0623\u0646\u0647\u0627 \u062a\u0642\u0648\u0645 \u0628\u0647\u062c\u0645\u0627\u062a \u0630\u0627\u062a \u062f\u0648\u0627\u0641\u0639 \u0645\u0627\u0644\u064a\u0629 \u0648\u0647\u062c\u0645\u0627\u062a \u062a\u062c\u0633\u0633\u060c \u0645\u0645\u0627 \u064a\u0624\u062f\u064a \u0625\u0644\u0649 \u0639\u062f\u0645 \u0648\u0636\u0648\u062d \u0627\u0644\u062e\u0637 \u0627\u0644\u0641\u0627\u0635\u0644 \u0628\u064a\u0646 \u0623\u0633\u0627\u0644\u064a\u0628 \u0639\u0645\u0644\u0647\u0627. \u0643\u0645\u0627 \u0623\u0646\u0647 \u0645\u0631\u062a\u0628\u0637 \u062d\u0635\u0631\u064a\u064b\u0627 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 RomCom RAT. \u0648\u0642\u062f \u0627\u0633\u062a\u0647\u062f\u0641\u062a \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0627\u0644\u062a\u064a \u062a\u0646\u0637\u0648\u064a \u0639\u0644\u0649 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u0628\u0627\u0628 \u0627\u0644\u062e\u0644\u0641\u064a \u0623\u0648\u0643\u0631\u0627\u0646\u064a\u0627 \u0648\u0627\u0644\u062f\u0648\u0644 \u0627\u0644\u062a\u064a \u062a\u062f\u0639\u0645 \u0623\u0648\u0643\u0631\u0627\u0646\u064a\u0627 \u0641\u064a \u062d\u0631\u0628\u0647\u0627 \u0636\u062f \u0631\u0648\u0633\u064a\u0627 \u062e\u0644\u0627\u0644 \u0627\u0644\u0639\u0627\u0645 \u0627\u0644\u0645\u0627\u0636\u064a. \u0641\u064a \u0648\u0642\u062a \u0633\u0627\u0628\u0642 \u0645\u0646 \u0634\u0647\u0631 \u064a\u0648\u0644\u064a\u0648\u060c \u0627\u062a\u0647\u0645\u062a \u0634\u0631\u0643\u0629 Microsoft Void Rabisu \u0628\u0627\u0633\u062a\u063a\u0644\u0627\u0644 CVE-2023-36884\u060c \u0648\u0647\u0648 \u062e\u0644\u0644 \u0641\u064a \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0646 \u0628\u0639\u062f \u0641\u064a Office \u0648Windows HTML\u060c \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 spe.", "creation_timestamp": "2023-10-13T22:31:10.000000Z"}, {"uuid": "a0132a2c-143f-447e-b0a8-e86dad1bd604", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://t.me/arpsyndicate/1278", "content": "#ExploitObserverAlert\n\nCVE-2023-36884\n\nDESCRIPTION: Exploit Observer has 48 entries related to CVE-2023-36884. Windows Search Remote Code Execution Vulnerability\n\nFIRST-EPSS: 0.479490000\nNVD-IS: 5.9\nNVD-ES: 1.6", "creation_timestamp": "2023-12-04T18:52:52.000000Z"}, {"uuid": "cb01ac1e-ef07-4f8b-a805-ad110022ceb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3124", "content": "AnoMark\n\nThis algorithm is a Machine Learning one, using Natural Language Processing (NLP) techniques based on Markov Chains and n-grams. It offers a way to train a theoretical model on command lines  datasets considered clean. Once done it can detect malicious command lines on other datasets.\n\nhttps://github.com/ANSSI-FR/AnoMark\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-32117\n\nIntegrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints.\n\nhttps://github.com/RandomRobbieBF/CVE-2023-32117\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bGeoPincer\n\nA script that leverages OpenStreetMap's Overpass API in order to search for locations. These locations will be queried using a collection of establishments that are somewhat adjacent.\n\nhttps://github.com/tloja/GeoPincer\n\n#OSINT #cybersecurity #infosec\n\n\u200b\u200bAwesome Industrial Protocols\n\nCompilation of industrial network protocols resources focusing on offensive security.\n\n\u2022 You are currently viewing the Awesome Industrial Protocols page.\n\u2022 etailed pages for protocols are available in protocols.\n\u2022 All data is stored in MongoDB databases in db.\n\u2022 Turn/IP (in srcs) is a handy tool to manipulate this data, generate the awesome list and protocol pages, and simplify the research and test process on industrial protocols\n\nhttps://github.com/Orange-Cyberdefense/awesome-industrial-protocols\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-36884-Checker\n\nScript to check for CVE-2023-36884 hardening.\n\nhttps://github.com/tarraschk/CVE-2023-36884-Checker\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bAlcatraz\n\nA x64 binary obfuscator that is able to obfuscate various different pe files including:\n\n\u2022 .exe\n\u2022 .dll\n\u2022 .sys\n\nhttps://github.com/weak1337/Alcatraz\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCobalt Strike BOFs\n\nBeacon object files I made to use with #CobaltStrike.\n\nhttps://github.com/Und3rf10w/CobaltStrikeBOFs\n\n#infosec #pentesting #redteam\n\n\u200b\u200bWindows 11 Exploits\n\nCVE-2023-24892, CVE-2023-33131, CVE-2022-30129, CVE-2023-33137, CVE-2023-33145, CVE-2023-33148, CVE-2022-30190.\n\nhttps://github.com/nu11secur1ty/Windows11Exploits\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bADHunt v2.0\n\nA tool for enumerating Active Directory Enviroments looking for interesting AD objects, vulnerabilities, and misconfigurations. It currently uses a combination ldap queries and available tooling. It was built as a follow up to LinWinPwn.\n\nhttps://github.com/Auto19/ADHunt\n\n#infosec #pentesting #redteam\n\n\u200b\u200bIAMActionHunter\n\nIAMActionHunter is an IAM policy statement parser and query tool aims to simplify the process of collecting and understanding permission policy statements for users and roles in AWS Identity and Access Management (IAM). Although its functionality is straightforward, this tool was developed in response to the need for an efficient solution during day-to-day AWS penetration testing.\n\nhttps://github.com/RhinoSecurityLabs/IAMActionHunter\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bSysPlant\n\nA small implementation in NIM of the currently known syscall hooking methods.\n\nhttps://github.com/x42en/sysplant\n\n#infosec #pentesting #redteam\n\n\u200b\u200bUnshackle\n\nOpen-source tool to bypass windows and linux passwords from bootable usb.\n\nhttps://github.com/Fadi002/unshackle\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCASR\n\nCollect crash reports, triage, and estimate severity.\n\nhttps://github.com/ispras/casr\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-27163\n\nTo assist in enumerating the webserver behind the webserver SSRF.\n\nhttps://github.com/seanrdev/cve-2023-27163\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCS2BR BOF\n\nYou would like to execute BOFs written for #CobaltStrike in #BruteRatel C4? Look no further, we got you covered! CS2BR implements a compatibility-layer that make CS BOFs use the BRC4 API. This allows you to use the vast landscape that is BOFs in BRC4.\n\nhttps://github.com/NVISOsecurity/cs2br-bof\n\nDetails:\nhttps://blog.nviso.eu/2023/07/17/introducing-cs2br-pt-ii-one-tool-to-port-them-all/\n \n#infosec #pentesting #redteam\n\n\u200b\u200bhypobrychium\n\nAV/EDR completely ignore me. Duplicate the token of a running process and run a command.\n\nhttps://github.com/foxlox/hypobrychium\n\n#cve #infosec\n\n2/3", "creation_timestamp": "2023-07-22T17:37:23.000000Z"}, {"uuid": "9551cdc2-ac6c-4ac4-a4f5-fa9efbd863d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3122", "content": "\u200b\u200bGitHub Logs\n\nExtracting #OSINT Insights from 15TB of GitHub Event Logs.\n\nhttps://github.com/trickest/github-logs\n\n#cybersecurity #infosec\n\n\u200b\u200bWeb Hacker's Weapons\n\nA collection of cool tools used by Web hackers.\n\nhttps://github.com/hahwul/WebHackersWeapons\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200b\ud83d\udc27 Awesome Linux Rootkits\n\nBest linux rootkits resources.\n\nhttps://github.com/milabs/awesome-linux-rootkits\n\n#infosec #pentesting #redteam\n\nglit\n\nA little #OSINT tool to retrieve all mails of user related to a git repository, a git user or a git organization.\n\nhttps://github.com/shadawck/glit\n\n#cybersecurity #infosec\n\n\u200b\u200bCoWitness\n\nA powerful web application testing tool that enhances the accuracy and efficiency of your testing efforts. It allows you to mimic an HTTP server and a DNS server, providing complete responses and valuable insights during your testing process.\n\nhttps://github.com/stolenusername/cowitness\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bLinux Kernel Factory\n\nLinux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore.\n\nhttps://github.com/bsauce/kernel-exploit-factory\n\n#infosec #pentesting #redteam\n\n\u200b\u200bdocleaner\n\nA web service to clean #documents from potentially privacy-invasive #metadata.\n\nhttps://github.com/TUD-CERT/docleaner\n\n\u200b\u200bHadesLdr\n\nShellcode loader implementing indirect dynamic syscall, api hashing, fileless shellcode retrieving using winsock2.\n\n\u2022 Indirect Dynamic Syscall by resolving the SSN and the address pointing to a backed syscall instruction dynamically.\n\u2022 API Hashing by resolving modules & APIs base address from PEB by hashes\n\u2022 Fileless Chunked RC4 Shellcode retrieving using Winsock2\n\nhttps://github.com/CognisysGroup/HadesLdr\n\nDetails:\nhttps://labs.cognisys.group/posts/Combining-Indirect-Dynamic-Syscalls-and-API-Hashing/\n\n#infosec #pentesting #redteam\n\n\u200b\u200bLOLAPPS \n\nKind of like the cousin of LOLBAS and GTFObins. Sometimes you might struggle to common binaries to exploit and LOLAPPS is meant to be a supplementary resource for identifying native functionality in applications that can be used to the hacker's advantage, both third-party and from within.\n\nhttps://github.com/LOLAPPS-Project/LOLAPPS\n\nWeb:\nhttps://lolapps-project.github.io/\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-36884\n\nOffice/Windows HTML RCE Vulnerability\n\nhttps://github.com/Maxwitat/CVE-2023-36884-Scripts-for-Intune-Remediation-SCCM-Compliance-Baseline\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bRWXfinder\n\nWindows-specific tool written in C which uses Windows API functions to traverse through directories and look for DLL files with an RWX section in memory.\n\nhttps://github.com/pwnsauc3/RWXFinder\n\n#infosec #pentesting #redteam\n\n\u200b\u200bPlumHound \n\nBloodHoundAD Report Engine for Security Teams\n\nhttps://github.com/PlumHound/PlumHound\n\n#infosec #pentesting #redteam\n\n\u200b\u200bLolDriverScan\n\nA golang tool that allows users to discover vulnerable drivers on their system. This tool fetches the loldriverscan.io list from their APIs and scans the system for any vulnerable drivers This project is implemented in Go and does not require elevated privileges to run.\n\nhttps://github.com/FourCoreLabs/loldriverscan\n\n#cybersecurity #infosec\n\n\u200b\u200bJayFinder\n\nWhether you knew Process Mockingjay since ever or you just got to know it, this tool helps you to find DLLs with RWX section. This is done parsing the PE Section Headers and checking the \"Characteristics\" attribute of each section.\n\nhttps://github.com/oldboy21/JayFinder\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-37582\n\nApache RocketMQ Arbitrary File Write Vulnerability #Exploit.\n\nhttps://github.com/Malayke/CVE-2023-37582_EXPLOIT\n\n#cybersecurity #infosec\n\n\u200b\u200bUDP Protocol Scanner\n\nA tool for identifying UDP services running on remote hosts. This tool may be of use to those performing security testing - e.g. during penetration testing, vulnerability assessments or while pivoting.\n\nhttps://github.com/CiscoCXSecurity/udpy_proto_scanner\n\n#cybersecurity #infosec #pentesting\n\nhttps://t.me/dilagrafie\n\n2/2", "creation_timestamp": "2023-07-15T21:16:53.000000Z"}, {"uuid": "a032420a-8ed6-410f-b405-a33fe26ac573", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://t.me/breachdetector/318527", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"CVE-2023-36884 - Microsoft Office ve Windows HTML Uzaktan Kod Y\u00fcr\u00fctme A\u00e7\u0131\u011f\u0131\", \n  \"author\": \" (SerasZen)\",\n  \"Detection Date\": \"17 Aug 2023\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2023-08-17T11:22:29.000000Z"}, {"uuid": "908ae36d-0c5f-45ab-a69b-21171a25a0f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://t.me/breachdetector/318014", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"CVE-2023-36884 Microsoft'un Office Belgeleri \u0130le Kod Y\u00fcr\u00fctme A\u00e7\u0131\u011f\u0131 Nedir ?\", \n  \"author\": \" (SerasZen)\",\n  \"Detection Date\": \"16 Aug 2023\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2023-08-16T11:36:18.000000Z"}, {"uuid": "e1991f6a-b835-4743-bee1-5925902d5d3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "published-proof-of-concept", "source": "https://t.me/Securi3yTalent/105", "content": "MS Office 0-day CVE-2023\u201336884 Mitigation&Detection (Splunk-ArcSight-SentinelOne-Elastic-CrowdStrike Rule)\n\nhttps://medium.com/@onuroktay/ms-office-0-day-cve-2023-36884-mitigation-detection-847e08c8bdcc\n\nFull Analysis Report from BlackBerry \nhttps://unit42.paloaltonetworks.com/cve-2023-36884-rce/\n\nFollow us___\n\nhttps://www.facebook.com/devmehedi101\nhttps://www.linkedin.com/company/securitytalent   \nhttps://twitter.com/devmehedi101\nhttps://www.instagram.com/devmehedi101/\nhttps://www.youtube.com/@SecurityTalent/\nhttps://www.dailymotion.com/devmehedi101\n\nFree Hacking Course Download Now__\nhttps://t.me/Securi3yTalent", "creation_timestamp": "2023-07-16T02:27:57.000000Z"}, {"uuid": "ac3391c2-e45b-4916-afb3-195439873c6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://t.me/breachdetector/356528", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"Microsoft 2023 Critical and Important Vulnerabilities (CVE-2023-36884)\", \n  \"author\": \" ('BARBAROS)\",\n  \"Detection Date\": \"11 Oct 2023\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2023-10-11T00:31:20.000000Z"}, {"uuid": "73a19230-2d18-449f-899d-54656e4f6567", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://t.me/breachdetector/356407", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"Microsoft 2023 Cr\u0131t\u0131cal ve Important A\u00e7\u0131klar\u0131 (CVE-2023-36884)\", \n  \"author\": \" ('BARBAROS)\",\n  \"Detection Date\": \"10 Oct 2023\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2023-10-10T21:05:23.000000Z"}, {"uuid": "921f5caa-e0b3-4f0c-89fc-a1e4efff4ad8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://t.me/breachdetector/490463", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"CVE-2023-36884 - Microsoft Office ve Windows HTML Uzaktan Eri\u015fim Nedir ?\", \n  \"author\": \" ('BARBAROS)\",\n  \"Detection Date\": \"08 Apr 2024\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2024-04-08T12:42:24.000000Z"}, {"uuid": "7b3929f4-51b5-4a6b-83a5-3a80a696225b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://t.me/breachdetector/490793", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"CVE-2023-36884 - Microsoft Office and Windows HTML ?\", \n  \"author\": \" ('BARBAROS)\",\n  \"Detection Date\": \"08 Apr 2024\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2024-04-08T20:46:38.000000Z"}, {"uuid": "39a57755-7c7b-4911-8fe3-f6f54f48ba2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://t.me/true_secator/4707", "content": "\u041f\u043e\u0434\u043a\u0430\u0442\u0438\u043b PatchTuesday \u043e\u0442 Microsoft \u0437\u0430 \u0430\u0432\u0433\u0443\u0441\u0442 2023 \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 87 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f 2 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0435 \u0438 23 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 RCE, \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 6 \u043e\u0446\u0435\u043d\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e 18 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, 3 - \u043e\u0431\u0445\u043e\u0434\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, 23 - RCE, 10 - \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, 8 - DoS, 12 - \u0441\u043f\u0443\u0444\u0438\u043d\u0433\u0430.\n\n\u041f\u043e\u043c\u0438\u043c\u043e \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0445, 12 \u043e\u0448\u0438\u0431\u043e\u043a \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 Microsoft Edge (Chromium).\n\n\u0412\u0442\u043e\u0440\u043d\u0438\u043a \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0432 \u044d\u0442\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f, \u043e\u0431\u0435 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0432 \u0430\u0442\u0430\u043a\u0430\u0445, \u0430 \u043e\u0434\u043d\u0430 \u0438\u0437 \u043d\u0438\u0445 \u0431\u044b\u043b\u0430 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430.\n\nMicrosoft \u043a\u043b\u0430\u0441\u0441\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u0430\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f, \u0435\u0441\u043b\u0438 \u043e\u043d\u0430 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0438\u043b\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0431\u0435\u0437 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u0423\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u043c\u044b\u0435 \u0434\u0432\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0435 0-day - CVE-2023-36884 \u0438 CVE-2023-38180.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u0438\u0437 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0432 Microsoft Office Defense \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 Volexity \u0435\u0449\u0435 \u0432 \u0438\u044e\u043b\u0435 \u0438 \u0442\u043e\u0433\u0434\u0430 \u0435\u0435 \u043e\u043d\u0430 \u043d\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430, \u043d\u043e \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u043e \u0435\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e. \n\nCVE-2023-36884 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b Microsoft Office, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u043b\u0438 \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u044e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Mark of the Web (MoTW), \u0437\u0430\u0441\u0442\u0430\u0432\u043b\u044f\u044f \u0444\u0430\u0439\u043b\u044b \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0442\u044c\u0441\u044f \u0431\u0435\u0437 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c RCE.\n\n0-day \u0431\u044b\u043b\u0430 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u0430 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u0433\u0440\u0443\u043f\u043f\u044b RomCom \u0432 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u044b\u0445 \u0438 \u0448\u043f\u0438\u043e\u043d\u0441\u043a\u0438\u0445 \u0446\u0435\u043b\u044f\u0445.\n\n\u0413\u0440\u0443\u043f\u043f\u0430 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430 \u0442\u0435\u043c, \u0447\u0442\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0430\u00a0\u0432 \u0430\u0442\u0430\u043a\u0430\u0445\u00a0\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0443-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c Industrial Spy, \u043f\u0435\u0440\u0435\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0432 Underground, \u043f\u043e\u0434 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043e\u043d\u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u044c \u0434\u0435\u043d\u044c\u0433\u0438 \u0443 \u0436\u0435\u0440\u0442\u0432.\n\n\u0414\u0440\u0443\u0433\u0430\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f CVE-2023-38180 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c .NET \u0438 Visual Studio, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 DoS.\n\n\u041f\u043e \u043d\u0435\u0439 Microsoft \u0441\u0442\u0430\u043b\u0430 \u0434\u0435\u043b\u0438\u0442\u044c\u0441\u044f \u043a\u0430\u043a\u0438\u043c\u0438-\u043b\u0438\u0431\u043e \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u044f\u043c\u0438 \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u044d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0430\u0442\u0430\u043a\u0430\u0445, \u0438 \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430, \u043a\u0442\u043e \u0435\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b.\n\n\u041f\u043e\u043b\u043d\u044b\u0439 \u043f\u0435\u0440\u0435\u0447\u0435\u043d\u044c \u0432\u0441\u0435\u0445 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0441 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\u043c \u043a\u0430\u0436\u0434\u043e\u0439 \u0438\u0437 \u043d\u0438\u0445 \u0438 \u0441\u0438\u0441\u0442\u0435\u043c, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u043b\u0438\u044f\u044e\u0442 \u043c\u043e\u0436\u043d\u043e \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u0437\u0434\u0435\u0441\u044c.", "creation_timestamp": "2023-08-09T11:06:10.000000Z"}, {"uuid": "52554837-e797-4cf6-8810-44b76e5ae4be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "exploited", "source": "https://t.me/true_secator/4606", "content": "\u041f\u043e\u0434\u043a\u0430\u0442\u0438\u043b \u0438\u044e\u043b\u044c\u0441\u043a\u0438\u0439 PatchTuesday \u043e\u0442 Microsoft, \u0430 \u0432\u043c\u0435\u0441\u0442\u0435 \u0441 \u043d\u0438\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f 132 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 6 0-day \u0438 13 RCE-\u043e\u0448\u0438\u0431\u043e\u043a, \u0434\u0435\u0432\u044f\u0442\u044c \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043e\u0446\u0435\u043d\u0435\u043d\u044b \u043a\u0430\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u043e\u0434\u0438\u043d \u0438\u0437 \u043d\u0438\u0445 \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u043c \u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u0430\u0442\u0430\u043a\u0430\u0445, \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u044b\u043c\u0438 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c\u0438 \u0438\u043d\u0444\u043e\u0441\u0435\u043a-\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f\u043c\u0438.\n\n\u0421\u0440\u0435\u0434\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c 33 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, 13 - \u043e\u0431\u0445\u043e\u0434\u043e\u043c \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, 37 - RCE, 19 - \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, 22 - DoS, 7 - \u0441\u043f\u0443\u0444\u0438\u043d\u0433\u043e\u043c.\n\n\u041d\u0430 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 Microsoft \u043d\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043d\u0438 \u043e\u0434\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Microsoft Edge.\n\n\u0418\u0437 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 0-day:\n\nCVE-2023-32046\u00a0- \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Windows MSHTML, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0430\u0432, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u043f\u043e \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u0435 \u0438\u043b\u0438 \u0447\u0435\u0440\u0435\u0437 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0441\u0430\u0439\u0442\u044b.\n\nCVE-2023-32049\u00a0- \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 Windows SmartScreen, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0430\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u043d\u0430 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u0435 \u0444\u0430\u0439\u043b\u043e\u0432 \u043f\u0440\u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0435 \u0438\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 \u0438 \u0431\u044b\u043b\u0430 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432\u043d\u0443\u0442\u0440\u0438 Microsoft Threat Intelligence Center.\n\nCVE-2023-36874\u00a0- \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0441\u043b\u0443\u0436\u0431\u0435 \u043e\u0442\u0447\u0435\u0442\u043e\u0432 \u043e\u0431 \u043e\u0448\u0438\u0431\u043a\u0430\u0445, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0432\u0448\u0430\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435 Windows.\n\n\u0414\u043b\u044f \u0435\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0434\u043e\u043b\u0436\u0435\u043d \u0438\u043c\u0435\u0442\u044c \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u0435. \u041e\u043d\u0430 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0412\u043b\u0430\u0434\u043e\u043c \u0421\u0442\u043e\u043b\u044f\u0440\u043e\u0432\u044b\u043c \u0438 \u041c\u044d\u0434\u0434\u0438 \u0421\u0442\u043e\u0443\u043d \u0438\u0437 Google TAG.\n\nCVE-2023-36884\u00a0- \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Office \u0438 Windows, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430 HTML \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432 Microsoft Office.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0434\u043e\u043b\u0436\u0435\u043d \u0443\u0431\u0435\u0434\u0438\u0442\u044c \u0436\u0435\u0440\u0442\u0432\u0443 \u043e\u0442\u043a\u0440\u044b\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0444\u0430\u0439\u043b. \n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0431\u044b\u043b\u0430 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u0430 \u0432 \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u0438\u043c\u0430\u043b\u0438\u0441\u044c, \u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Microsoft, \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u043e\u0439 RomCom, \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u0432\u0448\u0435\u0439 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0443-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c Industrial Spy (\u043d\u044b\u043d\u0435 - Underground), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 Palo Alto, \u0432 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u0441 Cuba ransomware.\n\n\u041e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 Microsoft Threat Intelligence, \u0412\u043b\u0430\u0434 \u0421\u0442\u043e\u043b\u044f\u0440\u043e\u0432, \u041a\u043b\u0435\u043c\u0435\u043d\u0442 \u041b\u0435\u0441\u0438\u043d\u044c \u0438 \u0411\u0430\u0445\u0430\u0440\u0435 \u0421\u0430\u0431\u0443\u0440\u0438 \u0438\u0437 Google TAG, \u041f\u043e\u043b \u0420\u0430\u0441\u043a\u0430\u043d\u044c\u0435\u0440\u0435\u0441 \u0438 \u0422\u043e\u043c \u041b\u0430\u043d\u043a\u0430\u0441\u0442\u0435\u0440 \u0438\u0437 Volexity, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Microsoft Office Product Group.\n\nCVE-2023-35311\u00a0\u00a0- \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 Microsoft Outlook. \u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u044b\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\n\nADV230001\u00a0- Microsoft \u043e\u0442\u043e\u0437\u0432\u0430\u043b\u0430 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b \u0434\u043b\u044f \u043f\u043e\u0434\u043f\u0438\u0441\u0438 \u043a\u043e\u0434\u0430 \u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u043b\u0430\u0437\u0435\u0439\u043a\u0443 \u0432 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0435 Windows \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432 \u0440\u0435\u0436\u0438\u043c\u0430 \u044f\u0434\u0440\u0430.\n\n\u041f\u043e \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044e Cisco Talos, \u044d\u0442\u0430 \u043b\u0430\u0437\u0435\u0439\u043a\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0434\u043b\u044f \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432 \u0438 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0442\u0440\u0430\u0444\u0438\u043a\u0430 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Chrome, Edge \u0438 Firefox (\u0438 \u0435\u0449\u0435 \u043e\u0431\u0448\u0438\u0440\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432), \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u0432 \u041a\u0438\u0442\u0430\u0435.\n\n\u041f\u0440\u0438\u0447\u0435\u043c, \u0441\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044e, \u0432 \u0445\u043e\u0434\u0435 \u0430\u0442\u0430\u043a \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0443\u0436\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u043d\u0430 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u0434\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432.\n\n\u0420\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u0438 \u0443\u0447\u0430\u0441\u0442\u0438\u0438 Trend Micro \u0438 Cisco \u0431\u044b\u043b\u043e \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u043e \u043f\u043e\u0441\u043b\u0435 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f Sophos \u043e\u0442 9 \u0444\u0435\u0432\u0440\u0430\u043b\u044f.\n\n\u041f\u043e\u043b\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0441 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\u043c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u0445 PatchTuesday \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043e \u0437\u0434\u0435\u0441\u044c.", "creation_timestamp": "2023-07-12T14:02:05.000000Z"}, {"uuid": "27aae81a-35b1-4f68-81e9-b7fbb8ab58fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/986", "content": "\u0628\u0627\u062c \u0627\u0641\u0632\u0627\u0631 \u0632\u06cc\u0631\u0632\u0645\u06cc\u0646\u06cc \u0627\u0633\u062a\u0642\u0631\u0627\u0631 \u0634\u062f\u0647 \u062a\u0648\u0633\u0637 Storm-0978 \u06a9\u0647 \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u06af\u0631\u0641\u062a\n\nCVE-2023-36884 : Underground Ransomware deployed by Storm-0978 that exploited \nPDF : https://resources.securityscorecard.com/research/underground-ransomware", "creation_timestamp": "2024-01-27T08:35:34.000000Z"}, {"uuid": "fffabadf-365c-45d3-b35a-f1683de1e6d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://t.me/true_secator/4856", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Deep Instinct \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438\u00a0\u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043d\u0430 \u0430\u0437\u0435\u0440\u0431\u0430\u0439\u0434\u0436\u0430\u043d\u0441\u043a\u0438\u0435 \u0446\u0435\u043b\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0435\u0433\u043e \u043f\u0440\u0438\u043c\u0430\u043d\u043a\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u0432\u043e\u0435\u043d\u043d\u044b\u043c \u043a\u043e\u043d\u0444\u043b\u0438\u043a\u0442\u043e\u043c \u0432 \u041d\u0430\u0433\u043e\u0440\u043d\u043e\u043c \u041a\u0430\u0440\u0430\u0431\u0430\u0445\u0435, \u0441 \u0446\u0435\u043b\u044c\u044e \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u043e\u0432\u044b\u043c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c \u041f\u041e \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 Rust.\n\n\u041a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 Rusty Flag \u0438 \u0438\u043c\u0435\u043b\u0430 \u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0434\u0432\u0430 \u0440\u0430\u0437\u043d\u044b\u0445 \u0432\u0435\u043a\u0442\u043e\u0440\u0430 \u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0430 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u043f\u0440\u0438\u043c\u0430\u043d\u043e\u043a \u0431\u044b\u043b \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430 \u0433\u0440\u0443\u043f\u043f\u0430 Storm-0978.\n\n\u041d\u043e, \u043a\u0430\u043a \u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438, \u044d\u0442\u043e \u0431\u043e\u043b\u044c\u0448\u0435 \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u0430\u0442\u0430\u043a\u0443 \u043f\u043e\u0434\u00a0\u0447\u0443\u0436\u0438\u043c\u00a0\u0444\u043b\u0430\u0433\u043e\u043c.\n\n\u0418\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e Deep Instinct \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0444\u0430\u0439\u043b LNK \u0441 \u043d\u0438\u0437\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c 1.KARABAKH.jpg.lnk \u0438 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u044e\u0449\u0438\u0439 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0435, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u043e\u0435 \u0441 \u0432\u043e\u0435\u043d\u043d\u044b\u043c \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u043c \u0432\u00a0\u041d\u0430\u0433\u043e\u0440\u043d\u043e\u043c \u041a\u0430\u0440\u0430\u0431\u0430\u0445\u0435.\n\nLNK \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442 \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0449\u0438\u043a MSI, \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u043d\u044b\u0439 \u0432 DropBox, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0443\u043b\u043e\u0436\u0435\u043d \u0438\u043c\u043f\u043b\u0430\u043d\u0442 \u043d\u0430 Rust, XML-\u0444\u0430\u0439\u043b \u0437\u0430\u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0437\u0430\u0434\u0430\u0447\u0438 \u0438 \u0444\u0430\u0439\u043b \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f-\u043f\u0440\u0438\u043c\u0430\u043d\u043a\u0438.\n\n\u0417\u0430\u0442\u0435\u043c \u043d\u0430\u0448\u0435\u043b\u0441\u044f \u0435\u0449\u0435 \u043e\u0434\u0438\u043d MSI-\u0444\u0430\u0439\u043b, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0443\u0436\u0435 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043b \u0434\u0440\u0443\u0433\u043e\u0439 \u0432\u0430\u0440\u0438\u0430\u043d\u0442 \u0442\u043e\u0433\u043e \u0436\u0435 \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u0430\u0442\u0430 Rust, \u043e\u0434\u043d\u0430\u043a\u043e \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0438\u0442\u044c \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u044b\u0439 \u0432\u0435\u043a\u0442\u043e\u0440 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u0431\u044b\u043b\u043e \u0441\u043b\u043e\u0436\u043d\u0435\u0435.\n\nURL-\u0430\u0434\u0440\u0435\u0441 DropBox \u0431\u044b\u043b \u0437\u0430\u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u0430\u043d \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0441\u043e\u043a\u0440\u0430\u0449\u0435\u043d\u0438\u044f URL-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 (hxxps://t[.]]ly/8CYQW).\n\n\u0423\u0434\u0430\u043b\u043e\u0441\u044c \u0432\u044b\u0439\u0442\u0438 \u043d\u0430 \u0444\u0430\u0439\u043b Overview_of_UWCs_UkraineInNATO_campaign.docx, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u043b \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u044d\u0442\u043e\u0442 URL.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u044d\u0442\u043e \u0438\u043c\u044f \u0444\u0430\u0439\u043b\u0430 \u0438 \u0435\u0433\u043e \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435, \u0431\u044b\u043b\u0438 \u0441 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0435\u0439\u00a0Storm-0978, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0435\u0439 CVE-2023-36884, \u043e \u0447\u0435\u043c \u0434\u0430\u0436\u0435 \u0438\u043c\u0435\u043b\u0441\u044f \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0439 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0439 \u043d\u0430 VirusTotal.\n\n\u0412 \u0445\u043e\u0434\u0435 \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0433\u043e \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0441\u0435 \u0436\u0435 \u0432\u044b\u044f\u0441\u043d\u0438\u043b\u043e\u0441\u044c, \u0447\u0442\u043e \u044d\u0442\u043e \u0434\u0440\u0443\u0433\u043e\u0439 \u0444\u0430\u0439\u043b.\u00a0\u041f\u0440\u0438 \u044d\u0442\u043e \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0439 afchunk.rtf \u0437\u0430\u043c\u0435\u043d\u0435\u043d, \u0430 \u0443\u043f\u043e\u043c\u044f\u043d\u0443\u0442\u0430\u044f CVE \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c.\n\n\u0412\u043c\u0435\u0441\u0442\u043e \u044d\u0442\u043e\u0433\u043e \u0434\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0444\u0430\u0439\u043b\u0430 MSI \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c CVE-2017-11882. \u0412\u0441\u0435 \u044d\u0442\u043e \u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442, \u043f\u043e \u043c\u043d\u0435\u043d\u0438\u044e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u043a\u0430\u043a \u043f\u0440\u0435\u0434\u043d\u0430\u043c\u0435\u0440\u0435\u043d\u043d\u0430\u044f \u043f\u043e\u043f\u044b\u0442\u043a\u0430 \u0441\u0432\u044f\u0437\u0430\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \u0441 Storm-0978.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u0430\u044f \u043f\u0440\u0438\u043c\u0430\u043d\u043a\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u043b\u0430 \u0441\u043e\u0431\u043e\u0439 \u043e\u0444\u0438\u0441\u043d\u044b\u0439 \u0444\u0430\u0439\u043b, \u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0439 MSI \u0442\u0430\u043a\u0436\u0435 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u043b \u0444\u0430\u0439\u043b-\u043f\u0440\u0438\u043c\u0430\u043d\u043a\u0443 \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 PDF. \u041a\u0430\u0436\u0434\u0430\u044f \u0430\u0442\u0430\u043a\u0430 \u0438\u043c\u0435\u043b\u0430 \u0441\u0432\u043e\u0438 \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u0435 \u0438\u043c\u0435\u043d\u0430 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435.\n\n\u0425\u043e\u0442\u044f \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0435 \u0432\u0435\u043a\u0442\u043e\u0440\u044b \u0440\u0430\u0437\u043b\u0438\u0447\u0430\u043b\u0438\u0441\u044c, \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0432 \u043e\u0431\u043e\u0438\u0445 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u0430\u0445 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u043b\u043e\u0441\u044c \u043e\u0434\u0438\u043d\u0430\u043a\u043e\u0432\u043e. \u041f\u043e\u0441\u043b\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u0430 \u043e\u043d \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043b \u0432 \u0440\u0435\u0436\u0438\u043c \u0441\u043d\u0430 \u043d\u0430 12 \u043c\u0438\u043d\u0443\u0442.\u00a0\u042d\u0442\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u043c\u0435\u0442\u043e\u0434, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u043f\u0440\u043e\u0441\u0442\u043e\u0433\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0432 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u0435.\n\n\u0417\u0430\u0442\u0435\u043c \u043d\u0430\u0447\u0438\u043d\u0430\u043b \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u0435. \u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u0437\u0430\u0442\u0435\u043c \u0448\u0438\u0444\u0440\u0443\u0435\u0442\u0441\u044f \u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043d\u0435\u043e\u0431\u044b\u0447\u043d\u044b\u0439, \u0436\u0435\u0441\u0442\u043a\u043e \u0437\u0430\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u043e\u0440\u0442\u00a035667.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Deep Instinct \u0442\u0430\u043a \u0438 \u043d\u0435 \u0441\u043c\u043e\u0433\u043b\u0438 \u043f\u0440\u0438\u043f\u0438\u0441\u0430\u0442\u044c \u044d\u0442\u0438 \u0430\u0442\u0430\u043a\u0438 \u043a\u0430\u043a\u043e\u043c\u0443-\u043b\u0438\u0431\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u0430 \u043e\u0431\u0430 \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u0430\u0442\u0430 Rust \u0438\u043c\u0435\u043b\u0438 0 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0439 \u043f\u0440\u0438 \u043f\u0435\u0440\u0432\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0435 \u0432 VirusTotal.\n\n\u0422\u0430\u043a \u0447\u0442\u043e, \u0447\u044c\u044f-\u0442\u043e \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u043c\u0430\u044f \u043f\u043e\u043f\u044b\u0442\u043a\u0430 \u0438\u043c\u0438\u0442\u0430\u0446\u0438\u0438 \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a \u043d\u0430 \u0410\u0437\u0435\u0440\u0431\u0430\u0439\u0434\u0436\u0430\u043d \u0441\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u044b \u043f\u0440\u0438\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u043c\u044b\u0445 \u043a \u0420\u043e\u0441\u0441\u0438\u0438 \u0433\u0440\u0443\u043f\u043f \u043c\u043e\u0436\u0435\u0442 \u0438 \u0438\u043c\u0435\u043b\u0430 \u0431\u044b \u0432 \u043c\u043e\u043c\u0435\u043d\u0442\u0435 \u0448\u0430\u043d\u0441\u044b \u043d\u0430 \u0443\u0441\u043f\u0435\u0445, \u0435\u0441\u043b\u0438 \u0431\u044b \u043d\u0435 Deep Instinct \u0441\u043e \u0441\u0432\u043e\u0438\u043c \u043e\u0442\u0447\u0435\u0442\u043e\u043c.\n\n\u041d\u043e, \u043a\u0430\u043a \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0430, \u0438\u043d\u043e\u0433\u0434\u0430 \u043e\u043d\u0438 \u0438\u043c\u0435\u044e\u0442 \u0441\u0432\u043e\u0439\u0441\u0442\u0432\u043e \u043f\u0440\u0435\u0432\u0440\u0430\u0449\u0430\u0442\u044c\u0441\u044f \u0432 404, \u043d\u0443 \u0430 \u043f\u043e\u043a\u0430 - IOC \u0438 MITRE \u043d\u0430 \u043c\u0435\u0441\u0442\u0435 \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2023-09-15T19:20:06.000000Z"}, {"uuid": "cd30dd18-6f68-46c3-97a9-9ed6f4e71560", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-e8c8129d-b09e02c4de9c4f4a", "content": "Exploits and vulnerabilities in Q1 2026\nDuring Q1 2026, the exploit kits leveraged by threat actors to target user systems expanded once again, incorporating new exploits for the Microsoft Office platform, as well as Windows and Linux operating systems.\nIn this report, we dive into the statistics on published vulnerabilities and exploits, as well as the known vulnerabilities leveraged by popular C2 frameworks throughout Q1 2026.\nStatistics on registered vulnerabilities\nThis section provides statistical data on registered vulnerabilities. The data is sourced from cve.org.\nWe examine the number of registered CVEs for each month starting from January 2022. The total volume of vulnerabilities continues rising and, according to current reports, the use of AI agents for discovering security issues is expected to further reinforce this upward trend.\nTotal published vulnerabilities per month from 2022 through 2026 (download)\nNext, we analyze the number of new critical vulnerabilities (CVSS > 8.9) over the same period.\nTotal critical vulnerabilities published per month from 2022 through 2026 (download)\nThe graph indicates that while the volume of critical vulnerabilities slightly decreased compared to previous years, an upward trend remained clearly visible. At present, we attribute this to the fact that the end of last year was marked by the disclosure of several severe vulnerabilities in web frameworks. The current growth is driven by high-profile issues like React2Shell, the release of exploit frameworks for mobile platforms, and the uncovering of secondary vulnerabilities during the remediation of previously discovered ones. We will be able to test this hypothesis in the next quarter; if correct, the second quarter will show a significant decline, similar to the pattern observed in the previous year.\nExploitation statistics\nThis section presents statistics on vulnerability exploitation for Q1 2026. The data draws on open sources and our telemetry.\nWindows and Linux vulnerability exploitation\nIn Q1 2026, threat actor toolsets were updated with exploits for new, recently registered vulnerabilities. However, we first examine the list of veteran vulnerabilities that consistently account for the largest share of detections:\n\nCVE-2018-0802: a remote code execution (RCE) vulnerability in the Equation Editor component\nCVE-2017-11882: another RCE vulnerability also affecting Equation Editor\nCVE-2017-0199: a vulnerability in Microsoft Office and WordPad that allows an attacker to gain control over the system\nCVE-2023-38831: a vulnerability resulting from the improper handling of objects contained within an archive\nCVE-2025-6218: a vulnerability allowing the specification of relative paths to extract files into arbitrary directories, potentially leading to malicious command execution\nCVE-2025-8088: a directory traversal bypass vulnerability during file extraction utilizing NTFS Streams\nAmong the newcomers, we have observed exploits targeting the Microsoft Office platform and Windows OS components. Notably, these new vulnerabilities exploit logic flaws arising from the interaction between multiple systems, making them technically difficult to isolate within a specific file or library. A list of these vulnerabilities is provided below:\n\nCVE-2026-21509 and CVE-2026-21514: security feature bypass vulnerabilities: despite Protected View being enabled, a specially crafted file can still execute malicious code without the user\u2019s knowledge. Malicious commands are executed on the victim\u2019s system with the privileges of the user who opened the file.\nCVE-2026-21513: a vulnerability in the Internet Explorer MSHTML engine, which is used to open websites and render HTML markup. The vulnerability involves bypassing rules that restrict the execution of files from untrusted network sources. Interestingly, the data provider for this vulnerability was an LNK file.\nThese three vulnerabilities were utilized together in a single chain during attacks on Windows-based user systems. While this combination is noteworthy, we believe the widespread use of the entire chain as a unified exploit will likely decline due to its instability. We anticipate that these vulnerabilities will eventually be applied individually as initial entry vectors in phishing campaigns.\nBelow is the trend of exploit detections on user Windows systems starting from Q1 2025.\nDynamics of the number of Windows users encountering exploits, Q1 2025 \u2013 Q1 2026. The number of users who encountered exploits in Q1 2025 is taken as 100% (download)\nThe vulnerabilities listed here can be leveraged to gain initial access to a vulnerable system and for privilege escalation. This underscores the critical importance of timely software updates.\nOn Linux devices, exploits for the following vulnerabilities were detected most frequently:\n\nCVE-2022-0847: a vulnerability known as Dirty Pipe, which enables privilege escalation and the hijacking of running applications\nCVE-2019-13272: a vulnerability caused by improper handling of privilege inheritance, which can be exploited to achieve privilege escalation\nCVE-2021-22555: a heap out-of-bounds write vulnerability in the Netfilter kernel subsystem\nCVE-2023-32233: a vulnerability in the Netfilter subsystem that allows for Use-After-Free conditions and privilege escalation through the improper processing of network requests\nDynamics of the number of Linux users encountering exploits, Q1 2025 \u2013 Q1 2026. The number of users who encountered exploits in Q1 2025 is taken as 100% (download)\nIn the first quarter of 2026, we observed a decrease in the number of detected exploits; however, the detection rates are on the rise relative to the same period last year. For the Linux operating system, the installation of security patches remains critical.\nMost common published exploits\nThe distribution of published exploits by software type in Q1 2026 features an updated set of categories; once again, we see exploits targeting operating systems and Microsoft Office suites.\nDistribution of published exploits by platform, Q1 2026 (download)\nVulnerability exploitation in APT attacks\nWe analyzed which vulnerabilities were utilized in APT attacks during Q1 2026. The ranking provided below includes data based on our telemetry, research, and open sources.\nTOP 10 vulnerabilities exploited in APT attacks, Q1 2026 (download)\nIn Q1 2026, threat actors continued to utilize high-profile vulnerabilities registered in the previous year for APT attacks. The hypothesis we previously proposed has been confirmed: security flaws affecting web applications remain heavily exploited in real-world attacks. However, we are also observing a partial refresh of attacker toolsets. Specifically, during the first quarter of the year, APT campaigns leveraged recently discovered vulnerabilities in Microsoft Office products, edge networking device software, and remote access management systems. Although the most recent vulnerabilities are being exploited most heavily, their general characteristics continue to reinforce established trends regarding the categories of vulnerable software. Consequently, we strongly recommend applying the security patches provided by vendors.\nC2 frameworks\nIn this section, we examine the most popular C2 frameworks used by threat actors and analyze the vulnerabilities targeted by the exploits that interacted with C2 agents in APT attacks.\nThe chart below shows the frequency of known C2 framework usage in attacks against users during Q1 2026, according to open sources.\nTOP 10 C2 frameworks used by APTs to compromise user systems, Q1 2026 (download)\nMetasploit has returned to the top of the list of the most common C2 frameworks, displacing Sliver, which now shares the second position with Havoc. These are followed by Covenant and Mythic, the latter of which previously saw greater popularity. After studying open sources and analyzing samples of malicious C2 agents that contained exploits, we determined that the following vulnerabilities were utilized in APT attacks involving the C2 frameworks mentioned above:\n\nCVE-2023-46604: an insecure deserialization vulnerability allowing for arbitrary code execution within the server process context if the Apache ActiveMQ service is running\nCVE-2024-12356 and CVE-2026-1731: command injection vulnerabilities in BeyondTrust software that allow an attacker to send malicious commands even without system authentication\nCVE-2023-36884: a vulnerability in the Windows Search component that enables command execution on the system, bypassing security mechanisms built into Microsoft Office applications\nCVE-2025-53770: an insecure deserialization vulnerability in Microsoft SharePoint that allows for unauthenticated command execution on the server\nCVE-2025-8088 and CVE-2025-6218: similar directory traversal vulnerabilities that allow files to be extracted from an archive to a predefined path, potentially without the archiving utility displaying any alerts to the user\nThe nature of the described vulnerabilities indicates that they were exploited to gain initial access to the system. Notably, the majority of these security issues are targeted to bypass authentication mechanisms. This is likely due to the fact that C2 agents are being detected effectively, prompting threat actors to reduce the probability of discovery by utilizing bypass exploits.\nNotable vulnerabilities\nThis section highlights the most significant vulnerabilities published in Q1 2026 that have publicly available descriptions.\nCVE-2026-21519: Desktop Window Manager vulnerability\nAt the core of this vulnerability is a Type Confusion flaw. By attempting to access a resource within the Desktop Window Manager subsystem, an attacker can achieve privilege escalation. A necessary condition for exploiting this issue is existing authorization on the system.\nIt is worth noting that the DWM subsystem has been under close scrutiny by threat actors for quite some time. Historically, the primary attack vector involves interacting with the NtDComposition* function set.\nRegPwn (CVE-2026-21533): a system settings access control vulnerability\nCVE-2026-21533 is essentially a logic vulnerability that enables privilege escalation. It stems from the improper handling of privileges within Remote Desktop Services (RDS) components. By modifying service parameters in the registry and replacing the configuration with a custom key, an attacker can elevate privileges to the SYSTEM level. This vulnerability is likely to remain a fixture in threat actor toolsets as a method for establishing persistence and gaining high-level privileges.\nCVE-2026-21514: a Microsoft Office vulnerability\nThis vulnerability was discovered in the wild during attacks on user systems. Notably, an LNK file is used to initiate the exploitation process. CVE-2026-21514 is also a logic issue that allows for bypassing OLE technology restrictions on malicious code execution and the transmission of NetNTLM authentication requests when processing untrusted input.\nClawdbot (CVE-2026-25253): an OpenClaw vulnerability\nThis vulnerability in the AI agent leaks credentials (authentication tokens) when queried via the WebSocket protocol. It can lead to the compromise of the infrastructure where the agent is installed: researchers have confirmed the ability to access local system data and execute commands with elevated privileges. The danger of CVE-2026-25253 is further compounded by the fact that its exploitation has generated numerous attack scenarios, including the use of prompt injections and ClickFix techniques to install stealers on vulnerable systems.\nCVE-2026-34070: LangChain framework vulnerability\nLangChain is an open-source framework designed for building applications powered by large language models (LLMs). A directory traversal vulnerability allowed attackers to access arbitrary files within the infrastructure where the framework was deployed. The core of CVE-2026-34070 lies in the fact that certain functions within langchain_core/prompts/loading.py handled configuration files insecurely. This could potentially lead to the processing of files containing malicious data, which could be leveraged to execute commands and expose critical system information or other sensitive files.\nCVE-2026-22812: an OpenCode vulnerability\nCVE-2026-22812 is another vulnerability identified in AI-assisted coding software. By default, the OpenCode agent provided local access for launching authorized applications via an HTTP server that did not require authentication. Consequently, attackers could execute malicious commands on a vulnerable device with the privileges of the current user.\nConclusion and advice\nWe observe that the registration of vulnerabilities is steadily gaining momentum in Q1 2026, a trend driven by the widespread development of AI tools designed to identify security flaws across various software types. This trajectory is likely to result not only in a higher volume of registered vulnerabilities but also in an increase in exploit-driven attacks, further reinforcing the critical necessity of timely security patch deployment. Additionally, organizations must prioritize vulnerability management and implement effective defensive technologies to mitigate the risks associated with potential exploitation.\nTo ensure the rapid detection of threats involving exploit utilization and to prevent their escalation, it is essential to deploy a reliable security solution. Key features of such a tool include continuous infrastructure monitoring, proactive protection, and vulnerability prioritization based on real-world relevance. These mechanisms are integrated into Kaspersky Next, which also provides endpoint security and protection against cyberattacks of any complexity. \nsecurelist.com/vulnerabilities\u2026", "creation_timestamp": "2026-05-07T10:52:26.516231Z"}, {"uuid": "2fe09aa6-b698-4671-9c93-16b63e2def5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "exploited", "source": "https://t.me/Rootsec_2/384", "content": "\ud83d\udca5Storm-0978 attacks reveal financial and espionage motives\nMicrosoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978(DEV-0978, RomCom...) targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a remote code execution vulnerability exploited via Microsoft Word documents, using lures related to the Ukrainian World Congress.", "creation_timestamp": "2024-08-16T08:08:28.000000Z"}, {"uuid": "fa292ecd-7334-4574-a1bc-b89848b9c49d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "exploited", "source": "https://t.me/Rootsec_2/390", "content": "\ud83e\udd37\ud83c\udffc\u200d\u2642\ufe0fCVE-2023-36884 - \u043d\u0435 \u0441\u043a\u0430\u0437\u0430\u0442\u044c \u0447\u0442\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u043e\u0441\u044c \u043a\u0430\u043a\u0430\u044f-\u0442\u043e \u043d\u043e\u0432\u0430\u044f \u0442\u0435\u0445\u043d\u0438\u043a\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u0434\u0430\u043d\u043d\u0430\u044f \u0431\u0430\u0433\u0430 \u0432 Office/Windows HTML \u043f\u043e\u0445\u043e\u0436\u0430 \u043d\u0430 \u0440\u0430\u043d\u0435\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u0443\u044e \u0431\u0430\u0433\u0443 \u0432 Microsoft MSHTML(CVE-2021-40444, RCE), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0442\u043e\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0440\u0430\u043d\u0435\u0435 \u0432 \"\u0448\u043f\u0438\u043e\u043d\u0441\u043a\u043e\u0439\" \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438.\n\n\u041d\u0438\u0436\u0435 \u043f\u0440\u0438\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u044e \u0441\u043f\u0438\u0441\u043e\u043a \u0441\u0441\u044b\u043b\u043e\u043a \u0441 \u0430\u043d\u0430\u043b\u0438\u0437\u043e\u043c/\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0435\u0439 CVE-2021-40444, \u0434\u043b\u044f \u0442\u0435\u0445 \u043a\u0442\u043e \u0432\u0434\u0440\u0443\u0433 \u0437\u0430\u0431\u044b\u043b:\n\ud83d\udcbeUnpacking CVE-2021-40444: A Deep Technical Analysis of an Office RCE Exploit\n\ud83d\udcbeAnalyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability\n\ud83d\udcbeCVE-2021-40444 Analysis/Exploit\n\ud83d\udcbeMicrosoft-Office-Word-MSHTML-Remote-Code-Execution-Exploit\n\ud83d\udcbeCVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit \n\ud83d\udcbeMalicious docx generator to exploit CVE-2021-40444\n\ud83d\udcbeFull exploit (RCE w/ sandbox escape) only using 6 lines of javascript code(\u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u043a \u043f\u0440\u043e\u0447\u0442\u0435\u043d\u0438\u044e)", "creation_timestamp": "2024-08-16T08:08:29.000000Z"}, {"uuid": "f19927b2-fbab-4089-b8ed-1e1d9d7cd011", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8669", "content": "#exploit\n1. Padding Oracle exploit\nhttps://github.com/glebarez/padre\n\n2. CVE-2023-36884:\nOffice/Windows HTML RCE Vulnerability\nhttps://github.com/Maxwitat/CVE-2023-36884-Scripts-for-Intune-Remediation-SCCM-Compliance-Baseline", "creation_timestamp": "2023-07-14T13:23:38.000000Z"}, {"uuid": "e2f79cb4-fc9f-4dcd-b2a8-4a1cb460db8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8692", "content": "#tools\n#Blue_Team_Techniques\n1. Script to check for CVE-2023-36884 hardening\nhttps://github.com/tarraschk/CVE-2023-36884-Checker\n2. A python script tht searches for vulnerable version of PaperCut MF/NG (CVE-2023-27350)\nhttps://github.com/MaanVader/CVE-2023-27350-POC", "creation_timestamp": "2023-07-18T12:27:16.000000Z"}, {"uuid": "05a9f7d4-b569-4f59-8869-1236d11a29a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36884", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/8852", "content": "#Malware_analysis\nUnderground Ransomware deployed by Storm-0978 that exploited CVE-2023-36884", "creation_timestamp": "2023-08-15T10:59:01.000000Z"}]}