Russian group RomCom exploits Microsoft Office and Windows HTML RCE zero-day vulnerability CVE-2023-36884 to deploy malicious ransomware

Dave W. Shanahan 2 years ago (Last updated: 1 year ago) 2 minutes read
A critical security threat has emerged: the Russian group RomCom, also known as Storm-0978, has been actively exploiting a Microsoft Office and Windows HTML remote code execution (RCE) zero-day vulnerability, CVE-2023-36884, to deploy ransomware. The vulnerability lets attackers execute code remotely on a victim’s computer through a specially crafted Microsoft Office document, which, when opened, initiates a series of malicious activities.

Russian group RomCom and CVE-2023-36884 vulnerability details

CVE-2023-36884 is an RCE vulnerability in Microsoft Windows and Office with a CVSSv3 score of 8.3. Microsoft has observed it being exploited in the wild as a zero-day through specially crafted Microsoft Office documents. Exploitation requires user interaction: the victim must open the malicious document for the exploit to succeed.

RomCom exploits vulnerability

RomCom has been involved in targeted attacks against defense and government organizations in Europe and North America. These attacks have employed sophisticated techniques, including weaponized Microsoft Word documents posing as information about the Ukrainian World Congress. The exploitation campaign has been linked to the upcoming NATO Summit and has targeted guests set to participate in the summit.

Mitigation and protection

Microsoft has provided mitigation guidance to help protect users from this vulnerability. This includes blocking Office applications from creating child processes or setting the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key to avoid exploitation. Additionally, Microsoft Defender for Office 365 protects users from attachments designed to exploit CVE-2023-36884.
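
The following read-only audit is an added example, not code from this article or from Microsoft; it checks whether both mitigations named above are in place on the local machine. The registry path, the list of executables and the attack surface reduction (ASR) rule GUID are taken from Microsoft's published guidance for CVE-2023-36884 rather than from this page, and the script assumes the Microsoft Defender PowerShell module is available.

```powershell
# Added example: read-only audit of the two mitigations named above.
# Registry path, executable list and ASR rule GUID come from Microsoft's
# published guidance for CVE-2023-36884, not from this article.
$FeatureKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\' +
              'FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION'
$OfficeApps = 'Excel.exe', 'Graph.exe', 'MSAccess.exe', 'MSPub.exe', 'PowerPnt.exe',
              'Visio.exe', 'WinProj.exe', 'WinWord.exe', 'Wordpad.exe'
# "Block all Office applications from creating child processes"
$AsrRuleId  = 'd4f940ab-401b-4efc-aadc-ad5f3c50688a'
$AsrActions = @{ 0 = 'disabled'; 1 = 'block'; 2 = 'audit'; 6 = 'warn' }

function Test-FeatureControl {
    # One row per application; a missing key or value counts as not mitigated.
    $props = Get-ItemProperty -Path $FeatureKey -ErrorAction SilentlyContinue
    foreach ($app in $OfficeApps) {
        $value = if ($props) { $props.$app } else { $null }
        [pscustomobject]@{
            Check  = "FeatureControl: $app"
            State  = if ($null -eq $value) { 'not set' } else { "$value" }
            Passed = ($value -eq 1)
        }
    }
}

function Test-AsrRule {
    # Defender exposes rule IDs and actions as parallel arrays.
    $pref    = Get-MpPreference -ErrorAction SilentlyContinue
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $action  = $null
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ("$($ids[$i])" -eq $AsrRuleId) { $action = [int]$actions[$i] }
    }
    [pscustomobject]@{
        Check  = 'ASR: block Office child processes'
        State  = if ($null -eq $action) { 'not configured' } else { $AsrActions[$action] }
        Passed = ($action -eq 1)   # only block mode enforces without a user bypass
    }
}

# Print one table covering both mitigations.
@(Test-FeatureControl) + @(Test-AsrRule) | Format-Table -AutoSize
```

The article presents the two mitigations as alternatives, so a host passes if either the ASR row or every FeatureControl row reports `Passed`.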

Impact and recommendations

The exploitation of CVE-2023-36884 by RomCom poses a significant threat to organizations and individuals using Microsoft Office and Windows products. Users should remain vigilant and avoid opening suspicious documents. Organizations should implement the recommended mitigations and keep their security software up to date to protect against these targeted attacks.

This incident highlights the ongoing threat of zero-day vulnerabilities and the importance of robust security measures. Users and organizations must stay informed and take proactive steps to mitigate these risks and protect their systems and data.

About The Author

Dave W. Shanahan

I’m Dave W. Shanahan, a Microsoft enthusiast with a passion for Windows, Xbox, Microsoft 365 Copilot, Azure, and more. I started MSFTNewsNow.com to keep the world updated on Microsoft news. Based in Massachusetts, you can email me at davewshanahan@gmail.com.
