Tom Lancaster

**Name of the Vulnerable Software and Affected Versions** Microsoft Office and Windows versions (affected versions not specified) **Description** This issue is a remote code execution vulnerability affecting Microsoft Office and Windows systems. It stems from flaws in how input data is processed, specifically related to Office and Windows HTML. Successful exploitation allows attackers to execute arbitrary code remotely, potentially impacting the system. The vulnerability has been actively exploited in the wild by threat actors, including the RomCom (Storm-0978) group, who have used it to deploy Underground Ransomware. The vulnerability allows attackers to bypass Mark of the Web (MOTW) defenses. The exploitation involves a complex chain, potentially utilizing .search-ms files and CHM files. The vulnerability was initially identified as CVE-2023-36884 and has been exploited in targeted attacks against organizations in Europe and North America. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.