Microsoft is warning about a security bug in Windows and Office that has no patch (yet) but is being publicly exploited. We’ll explain what to look out for and how to protect yourself.
It appears to be (yet another) security hole in Windows which allows unauthorized code to run on a computer. It’s from a group called Storm-0978, DEV-0978 or RomCom depending on who you talk to.
At the moment, that bug is being exploited via Word documents sent by the Russian group which is mostly targeting Ukrainian organizations (surprise, surprise) but also globally infiltrating organizations to get logins or infect with ransomware.
No Patch Yet
Microsoft hasn’t yet released a patch for this security bug. Since it’s being exploited widely, they’ve gone public with a warning – good call.
While the underlying Windows flaw hasn’t been fixed, there are some interim protections available and quite possibly already on your computer.
According to Microsoft their security products “Defender for Office 365” and “Defender” (which comes with Windows) will block infected docs. Other anti-virus software should already be updated to detect infected Word documents.
Recent Microsoft 365 for Windows (version 2302, March 2023 and later) are protected from the vulnerability. There’s no mention of protection for Office 2021 users, let alone earlier versions of Office.
For organizations using earlier releases there’s a registry entry “FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION ” that can block the vulnerability but might also prevent some Office features from working normally. See CVE-2023-36884 for details.
What to do?
For the moment all you can do is ensure both Office and your anti-virus products are up to date. Both should be updated automatically but if you want to double-check.
Office – File | Account | Updates
A good idea for any version of Office for Windows.
Windows (Defender) – go to “Windows Security” | Virus & threat protection | Protection Updates | Check for Updates