PT-2023-5037 · Microsoft · Office Word

Published: 2023-09-12 · Updated: 2024-06-21 · CVE-2023-36761

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Word versions prior to the fixed version in September 2023 Patch Tuesday

Description

The vulnerability in Microsoft Word is related to a lack of protection for internal data, which can allow an attacker to disclose sensitive information. Exploitation does not require opening a malicious Word document: simply previewing the file can trigger the exploit. This can lead to the disclosure of New Technology LAN Manager (NTLM) hashes. The estimated number of potentially affected devices worldwide is not specified, but the vulnerability is reported as being exploited in the wild.

Recommendations

As a temporary workaround, consider disabling the preview feature in Microsoft Word until a patch is available. Update Microsoft Word to the version released in September 2023 Patch Tuesday or later. Restrict access to sensitive information and limit the use of Microsoft Word for handling confidential documents until the issue is resolved. Apply the patches provided by Microsoft in the September 2023 Patch Tuesday update to fix the vulnerability.

Fix

RCE

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2023-05580
CVE-2023-36761

Affected Products

Office Word