This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 96%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENT%3C/text%3E%3C/svg%3E)
Does CVE-2023-36884 impact Windows 10 with office 365 2302 or later installed?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 23%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Microsoft 365 Semi-Annual Channel version 2302 (and all later versions) are protected from this vulnerability. Please see Update history for Microsoft 365 Apps (listed by date) for information about those channels and their versions.
Hello
Yes, the vulnerability CVE-2023-36884 impacts Microsoft Office and Windows HTML. Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. However, I couldn’t find any specific information about whether it impacts Windows 10 with Office 365 version 2302 or later. You can check the Microsoft Security Response Center for updates and more information. It’s always a good idea to keep your software up to date with the latest security patches.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
Wesley,
Per the link you provided,
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
You will see the following as part of the answer in the FAQ section.
"Microsoft 365 Semi-Annual Channel version 2302 (and all later versions) are protected from this vulnerability.."
Per the link provided,
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
You will see the following as part of the answer in the FAQ section.
"Microsoft 365 Semi-Annual Channel version 2302 (and all later versions) are protected from this vulnerability.."My concern is if you do not have office installed on the computer, like on servers, are you still vulnerable to this vulnerability? The article above indicates that all Microsoft operating systems are vulnerable, but also indicates the following:
"Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents.
An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file."
I am still wondering if this impacts all windows operating systems even if office is not installed.
