Current vulnerability in Microsoft Office [13.07.23]
On July 11, 2023, the vendor Microsoft announced a zero-day vulnerability in the Office suite that is already being actively exploited. According to the vendor, a remote attacker can achieve remote code execution if the victim is tricked into opening a specially crafted Microsoft Office document. Furthermore, Microsoft reports a phishing campaign already exploiting the vulnerability described here.
Microsoft also closed actively exploited vulnerabilities as part of the July patchday, which attackers can use to bypass security warnings when opening links in Outlook or the Windows SmartScreen warning when opening executable files. Exploited vulnerabilities that allow attackers to elevate privileges have also been closed.
No patch is currently available for the zero-day vulnerability described above. While the patch for this is still awaited, the July Patchday security updates can at least close the vulnerabilities described above as well as other vulnerabilities in Microsoft products. It is therefore strongly recommended to install these updates in the short term and to check regularly whether a patch has been released.
As a general rule, do not open any attachments from unknown persons or senders. If in doubt, please ask the sender personally or by telephone.
If you have any questions, please contact kim-it@uni-hohenheim.de.
Do you have questions or comments about this site? contact form