Windows Search Remote Code Execution Vulnerability
Published: 2023-07-11
Microsoft addresses 130 CVEs including five that were exploited in the wild as zero-day vulnerabilities and guidance on the malicious use of Microsoft signed drivers.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
https://www.helpnetsecurity.com/2024/11/26/romcom-backdoor-cve-2024-9680-cve-2024-49039/
https://www.bleepingcomputer.com/news/security/firefox-and-windows-zero-days-exploited-by-russian-romcom-hackers/
https://thehackernews.com/2024/11/romcom-exploits-zero-day-firefox-and.html
https://www.bleepingcomputer.com/news/security/underground-ransomware-claims-attack-on-casio-leaks-stolen-data/
https://securityonline.info/romcom-groups-underground-ransomware-exploits-microsoft-zero-day-flaw/?&web_view=true
https://securelist.com/vulnerability-exploit-report-q2-2024/113455/
https://securelist.com/vulnerability-report-q1-2024/112554/
https://www.trendmicro.com/en_us/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html
https://www.tenable.com/blog/microsoft-patch-tuesday-2023-year-in-review
https://www.tenable.com/blog/microsofts-august-2023-patch-tuesday-addresses-73-cves-cve-2023-38180
https://www.tenable.com/blog/microsofts-july-2023-patch-tuesday-addresses-130-cves-cve-2023-36884
Source: Mitre, NVD
Updated: 2025-01-23
Known Exploited Vulnerability (KEV)
Base Score: 7.6
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C
Severity: High
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.93071