CVE-2023-36884: Microsoft Windows Search Remote Code Execution

Microsoft Windows Search Remote Code Execution Vulnerability. Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code execution.

• CISA KEV-listed (remediation due 2023-08-29)
• used in ransomware campaigns
• EPSS 93.0% (99.8% percentile)

Detection rules

• Potential CVE-2023-36884 Exploitation Dropped File medium
• Potential CVE-2023-36884 Exploitation Pattern critical
• Potential CVE-2303-36884 URL Request Pattern Traffic high
• Potential CVE-2023-36884 Exploitation - File Downloads medium
• Potential CVE-2023-36884 Exploitation - Share Access high
• Potential CVE-2023-36884 Exploitation - URL Marker high

Browse the CVE database

Read the full analysis on IntelFusions