CVE-2023-35371

7.8 HIGH

📋 TL;DR

This vulnerability in Microsoft Office allows attackers to execute arbitrary code on a victim's system by tricking them into opening a specially crafted Office document. It affects users of Microsoft Office applications who open malicious files from untrusted sources.

💻 Affected Systems

Products:
  • Microsoft Office
  • Microsoft 365 Apps
Versions: Multiple versions prior to July 2023 security updates
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction to open malicious document; affects both desktop and subscription versions

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the victim's computer, enabling data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Malware installation leading to data exfiltration, credential theft, or lateral movement within the network.

🟢 If Mitigated

Limited impact with proper application whitelisting and macro restrictions preventing malicious document execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires social engineering to deliver malicious document; exploitation likely through phishing campaigns

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: July 2023 security updates

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35371

Restart Required: Yes

Instructions:

1. Open the affected Office application.
2. Go to File > Account > Update Options > Update Now.
3. Restart the computer after the update completes.

🔧 Temporary Workarounds

Block Office documents from untrusted sources

Platform: windows

Configure Group Policy to block Office documents from the internet or untrusted locations

Disable automatic document opening

Platform: windows

Change Office settings to prevent automatic opening of documents from email or web

🧯 If You Can't Patch

  • Implement application control/whitelisting to restrict which Office documents can execute
  • Deploy email filtering to block Office documents from external sources and train users on phishing awareness

🔍 How to Verify

Check if Vulnerable:

Check Office version against July 2023 security update version in File > Account > About

Check Version:

In Office app: File > Account > About [Application Name]

Verify Fix Applied:

Verify Office build number is equal to or greater than July 2023 security update version

📡 Detection & Monitoring

Log Indicators:

  • Unusual Office process spawning child processes
  • Office applications crashing with memory corruption errors
  • Multiple document opens from email attachments

Network Indicators:

  • Outbound connections from Office processes to suspicious IPs
  • DNS requests for known malicious domains following document open

SIEM Query:

source="windows-security" EventCode=4688 (NewProcessName="*powershell*" OR NewProcessName="*cmd*") (ParentProcessName="*winword*" OR ParentProcessName="*excel*" OR ParentProcessName="*powerpnt*")
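The same parent/child check as the SIEM query above, applied offline to a few constructed 4688-style event lines, as an added example that is not part of the original advisory. The flattened `key=value` line format and the sample events are assumptions made for the example; it flags Office parents (winword, excel, powerpnt) spawning cmd or powershell and leaves a benign Word child such as splwow64.exe alone.

```python
import re
from typing import Dict, List

# Office parents and shell children named in the advisory's SIEM query (lower-case basenames)
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELL_CHILDREN = {"powershell.exe", "cmd.exe"}

# Constructed sample events in a flattened key=value style; not real telemetry.
SAMPLE_4688 = [
    'EventCode=4688 NewProcessName="C:\\Windows\\System32\\cmd.exe" ParentProcessName="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE" SubjectUserName=alice',
    'EventCode=4688 NewProcessName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" ParentProcessName="C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE" SubjectUserName=bob',
    'EventCode=4688 NewProcessName="C:\\Windows\\System32\\cmd.exe" ParentProcessName="C:\\Windows\\explorer.exe" SubjectUserName=alice',
    'EventCode=4688 NewProcessName="C:\\Windows\\splwow64.exe" ParentProcessName="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE" SubjectUserName=carol',
    'EventCode=4624 LogonType=3 SubjectUserName=dave',
]

# key=value pairs; quoted values may contain spaces (Office install paths do)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> Dict[str, str]:
    """Split a flattened event line into a field dict, stripping surrounding quotes."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def basename(path: str) -> str:
    """Last path component, lower-cased, so case and install directory do not matter."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_office_shell_spawn(event: Dict[str, str]) -> bool:
    """True when a process-creation event shows an Office app starting cmd or powershell."""
    if event.get("EventCode") != "4688":
        return False
    parent = basename(event.get("ParentProcessName", ""))
    child = basename(event.get("NewProcessName", ""))
    return parent in OFFICE_PARENTS and child in SHELL_CHILDREN


def find_suspicious(lines: List[str]) -> List[Dict[str, str]]:
    """Return the parsed events that match the Office -> shell pattern."""
    return [event for event in map(parse_event, lines) if is_office_shell_spawn(event)]


if __name__ == "__main__":
    for event in find_suspicious(SAMPLE_4688):
        print(f'{event["SubjectUserName"]}: {basename(event["ParentProcessName"])} -> '
              f'{basename(event["NewProcessName"])}')
```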
