
SECURITY ALERT: MS Office and Windows HTML RCE Vulnerability (CVE-2023-36884)

    • Updated on: 20 Jul 2023
On Tuesday, July 11th, Microsoft released its latest security patches, which included code to address an observed in-the-wild (ITW) 0-day for an Office and Windows HTML Remote Code Execution vulnerability. The vulnerability was assigned CVE-2023-36884.

Microsoft is aware of targeted attacks that attempt to exploit this vulnerability. Successful exploitation of this vulnerability requires the user to open a specially crafted Microsoft Office document.

Microsoft has released further information and guidance in its advisory, and more Trend Micro protection and investigation information is below.

Using Trend Micro Products for Investigation

The following highlights several post-exploitation detection and remediation technologies that customers can use to investigate their environment and help with potential remediation.

Trend Vision One™

Trend Vision One customers benefit from the attack surface risk management and XDR capabilities of the overall platform, fed by products such as Trend Micro Apex One, allowing existing customers to stay up to date on the latest information on these vulnerabilities. Leveraging the Risk Insights family of apps, customers can scan for and identify impacted assets and stay up to date on the latest mitigation steps, including how to use Trend products to detect and defend against exploitation.

Risk Insights > Executive Dashboard

An updated Zero Day Vulnerability page has been launched in the Trend Vision One Executive Dashboard to provide relevant information in one place for Trend Vision One users. It will be updated as more information is released.


Curated Intelligence Reports

An updated Curated Intelligence Report for this 0-day has been added to Trend Vision One. It will automatically conduct some endpoint activity sweeping for XDR customers that have this enabled.



Trend Micro Protection and Detection Against Exploitation

First and foremost, it is always highly recommended that users apply the vendor's patches when they become available. Microsoft has provided additional information and guidance here.

In addition to the vendor patches, Trend Micro has some supplementary detection/protection patterns that may help provide additional protection against further potential exploits.

Preventative Rules, Filters & Detection

Trend Micro Cloud One - Network Security & TippingPoint Protection Filters
  • 42965: HTTP: Suspicious iframe Using a Local File Handler Detected
  • 42972: HTTP: Trojan.Win64.ThirdEyeStealer.A Runtime Detection (Exfiltrate Information)
  • 42188: ICMP: Backdoor.Win64.ROMCOM.YACFT Runtime Detection
  • 42189: HTTP: Backdoor.Win64.ROMCOM.YACFT Runtime Detection

Trend Micro Malware Detection Patterns (VSAPI, Predictive Learning, Behavioral Monitoring) for Endpoint, Servers (e.g. Apex One, Worry-Free Business Security Services, Worry-Free Business Security Standard/Advanced, Deep Security w/Anti-malware, etc.), Mail & Gateway (e.g. Cloud App Security, ScanMail for Exchange, IMSVA)

Known exploits associated with this vulnerability include:
  • Trojan.W97M.CVE20170199.PFKNO
  • Trojan.W97M.CVE202336884.YEDGL
  • Backdoor.Win64.ROMCOM.YEDD1

Trend Micro is also blocking all known Command & Control (C2) and malicious URLs associated with known exploits via Trend Micro's Web Reputation Services (WRS) technology in products that support it.