Windows - Security - Mitigate Office & Windows HTML RCE Vulnerability (CVE-2023-36884)
Mitigates the Windows and Office remote code execution vulnerability CVE-2023-36884.
Worklet Details
Introduction to the PowerShell-based Mitigate Office & Windows HTML RCE Vulnerability (CVE-2023-36884) Worklet
It's critically important to keep our computing environments secure in the face of ever-evolving threats. One such threat is the Windows HTML Remote Code Execution (RCE) Vulnerability, tagged CVE-2023-36884.
This security loophole can allow an attacker to engage in remote code execution by exploiting a weakness in Microsoft Windows and Office. To combat this, we created the Mitigate Office & Windows HTML RCE Vulnerability Worklet. This is a PowerShell-based Worklet tailored to counteract this specific vulnerability.
Why would you use the Mitigate Office & Windows HTML RCE Vulnerability (CVE-2023-36884) Worklet?
The Worklet is an essential tool in mitigating zero-day vulnerabilities. While Microsoft Defender and other security solutions provide robust protection, they might not suffice in the face of a targeted RCE attack. This is because the vulnerability can lead to a malicious file creating child processes in your system, effectively allowing an attacker to perform remote code execution. The Worklet reduces your attack surface by modifying specific registry settings to counter this threat.
Components of the Mitigate Office & Windows HTML RCE Vulnerability (CVE-2023-36884) Worklet
This Worklet is composed of specific scripts and variables that interact with your system's registry. It targets the “SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION” registry key.
The Worklet checks and modifies the values of multiple properties within this key, affecting applications such as Excel, Access, PowerPoint, Visio, and other Microsoft Office products. Key components include a 'revert' functionality, which can undo any changes made by the Worklet.
How does the Windows - Security - Mitigate Office & Windows HTML RCE Vulnerability (CVE-2023-36884) Worklet work?
The Worklet operates by scanning and modifying the system's registry. It opens the base registry key and checks if the targeted subkey exists. If the subkey doesn't exist, the Worklet creates it. It then evaluates all relevant properties, ensuring they align with the desired configuration to mitigate the vulnerability.
When a property does not comply, the Worklet corrects its value. Importantly, every step of the process is logged, which aids in troubleshooting.
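The check-and-correct flow described above, as an added PowerShell example; it is not the Worklet's own code. The HKLM hive, the list of executable value names and the DWORD value 1 are assumptions taken from Microsoft's published guidance for CVE-2023-36884, since this page names only the subkey, and the `-Revert` switch and `Write-Log` helper are hypothetical names.

```powershell
# Added example, not the Automox Worklet's code. Run from an elevated session.
# Assumptions: hive (HKLM), value names and DWORD 1 follow Microsoft's
# CVE-2023-36884 guidance; the page itself names only the subkey.
param([switch]$Revert)   # hypothetical switch: delete the values again

$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION'
$Apps = 'Excel.exe', 'Graph.exe', 'MSAccess.exe', 'MSPub.exe', 'PowerPnt.exe',
        'Visio.exe', 'WinProj.exe', 'WinWord.exe', 'Wordpad.exe'

function Write-Log([string]$Message) {
    # Timestamped line so each step can be traced when troubleshooting
    Write-Output ('{0:u} {1}' -f (Get-Date), $Message)
}

if (-not (Test-Path -LiteralPath $KeyPath)) {
    if ($Revert) { Write-Log 'Key absent, nothing to revert.'; exit 0 }
    New-Item -Path $KeyPath -Force | Out-Null
    Write-Log "Created $KeyPath"
}

$failed = 0
foreach ($app in $Apps) {
    # $null when the value is missing; otherwise the current data
    $current = (Get-ItemProperty -LiteralPath $KeyPath -Name $app -ErrorAction SilentlyContinue).$app
    try {
        if ($Revert) {
            # Removes the value even if it existed before the mitigation ran
            if ($null -ne $current) {
                Remove-ItemProperty -LiteralPath $KeyPath -Name $app -ErrorAction Stop
                Write-Log "Removed $app"
            }
        } elseif ($current -ne 1) {
            New-ItemProperty -LiteralPath $KeyPath -Name $app -Value 1 -PropertyType DWord -Force -ErrorAction Stop | Out-Null
            $was = if ($null -eq $current) { 'missing' } else { $current }
            Write-Log "Set $app = 1 (was: $was)"
        } else {
            Write-Log "$app already compliant"
        }
    } catch {
        $failed++
        Write-Log "FAILED on ${app}: $($_.Exception.Message)"
    }
}
exit $failed   # non-zero when any value could not be written or removed
```

Running it a second time should log every value as already compliant, which is a quick way to confirm the mitigation persisted and was not overwritten by Group Policy.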
What is the expected outcome when you use the Mitigate Office & Windows HTML RCE Vulnerability (CVE-2023-36884) Worklet?
Upon successful execution of the Worklet, changes are made in the registry settings to curb the vulnerability. However, it's important to note that this Worklet can affect the regular functionality of some Microsoft Office and Windows HTML applications.
Thorough review and testing are recommended before deployment. With accurate implementation, the Worklet is a highly effective tool in mitigating the CVE-2023-36884 vulnerability and safeguarding your system against potential RCE attacks.
What's a Worklet?
A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.