Detections
Analytics

CVE-2023-36884

high

Description

Windows Search Remote Code Execution Vulnerability

From the Tenable Blog

Microsoft’s July 2023 Patch Tuesday Addresses 130 CVEs (CVE-2023-36884)
Microsoft’s July 2023 Patch Tuesday Addresses 130 CVEs (CVE-2023-36884)

Published: 2023-07-11

Microsoft addresses 130 CVEs including five that were exploited in the wild as zero-day vulnerabilities and guidance on the malicious use of Microsoft signed drivers.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884

https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/

https://www.theregister.com/2025/08/11/russias_romcom_among_those_exploiting/

https://www.infosecurity-magazine.com/news/winrar-zero-day-exploited-romcom/

https://www.bleepingcomputer.com/news/security/details-emerge-on-winrar-zero-day-attacks-that-infected-pcs-with-malware/

https://thehackernews.com/2025/08/winrar-zero-day-under-active.html

https://www.helpnetsecurity.com/2024/11/26/romcom-backdoor-cve-2024-9680-cve-2024-49039/

https://www.bleepingcomputer.com/news/security/firefox-and-windows-zero-days-exploited-by-russian-romcom-hackers/

https://thehackernews.com/2024/11/romcom-exploits-zero-day-firefox-and.html

https://www.bleepingcomputer.com/news/security/underground-ransomware-claims-attack-on-casio-leaks-stolen-data/

https://securityonline.info/romcom-groups-underground-ransomware-exploits-microsoft-zero-day-flaw/?&web_view=true

https://securelist.com/vulnerability-exploit-report-q2-2024/113455/

https://securelist.com/vulnerability-report-q1-2024/112554/

https://www.trendmicro.com/en_us/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html

https://www.tenable.com/blog/microsoft-patch-tuesday-2023-year-in-review

https://www.tenable.com/blog/microsofts-august-2023-patch-tuesday-addresses-73-cves-cve-2023-38180

https://www.tenable.com/blog/microsofts-july-2023-patch-tuesday-addresses-130-cves-cve-2023-36884

Details

Source: Mitre, NVD

Published: 2023-07-11

Updated: 2025-01-23

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.91053