CVE-2023-36884 - HTML Remote Code Execution Vulnerability
Purpose
This solution is created to protect against CVE-2023-36884, the Office and Windows HTML Remote Code Execution Vulnerability.
Associated Content
| Content | Type | Function |
|---|---|---|
| SEC - Script - CVE-2023-36884 - HTML Remote Code Execution Vulnerability [Autofix] | Script | This script performs the mitigation based on the article CVE-2023-36884. |
| SEC - Dataview - CVE-2023-36884 - HTML Remote Code Execution Vulnerability Audit [Script] | Dataview | This dataview shows the list of computers where the mitigation has been attempted or applied. |
| SEC - Internal Monitor - CVE-2023-36884 - HTML Remote Code Execution | Internal Monitor | This internal monitor detects the Windows agents that are online and where Office is installed, and where the mitigation hasn't been attempted. |
| △ Custom - Autofix - CVE-2023-36884 - Mitigation Apply | Alert Template | This autofix contains the script CVE-2023-36884 - Office and Windows HTML Remote Code Execution Vulnerability to execute and perform the mitigation. |
Implementation
- Import the Monitor (SEC - Internal Monitor - CVE-2023-36884 - HTML Remote Code Execution).
- Import the Dataview (SEC - Dataview - CVE-2023-36884 - HTML Remote Code Execution Vulnerability Audit [Script]).
- Import the Alert Template (△ Custom - Autofix - CVE-2023-36884 - Mitigation Apply).
- Validate that the script was also imported and assigned to the alert template. (SEC - Script - CVE-2023-36884 - HTML Remote Code Execution Vulnerability).
- Apply the alert template to the monitor.