Microsoft Office and Windows HTML Remote Code Execution - #CVE-2023-36884
In July 2023, Microsoft disclosed a zero-day vulnerability in Windows Search that allowed remote code execution and was exploited using malicious Word documents. Microsoft provided workarounds but did not issue a patch until August. The patch focused on randomizing temporary path names, making exploit code unable to guess the correct path to launch extracted files. Micropatches were released for Windows versions, including unsupported ones. A cyber attack targeted a NATO summit by exploiting the same vulnerability, bypassing defenses to make users interact with malicious files. The consequences were significant, with international secrets at stake. Content Disarm and Reconstruction technology provides immediate protection upon deployment.