Forum Discussion
CVE-2023-36884 remediation impact
Recently the Security Vulnerability CVE-2023-36884 was announced as well as the remediation steps to mitigate the vulnerability.
One of the remediations is to change or add the registry key:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION
I'd like to know what kind of impact this registry key will have if implemented.
Thank you in advance
- Deleted, Jul 26, 2023
It is best to choose several computers, perform a test - this is the easiest way, it does not seem that you will get an answer here.
In addition, errors are less of a threat than an attack using a vulnerability.
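For the pilot test suggested above, a read-only PowerShell check of the key's state on each test machine. This is an added example, not part of the thread; the executable names and the REG_DWORD data 1 are assumptions taken from the MSRC advisory for CVE-2023-36884 and should be confirmed against it.

```powershell
# Read-only audit of the registry key quoted in the question. Changes nothing.
$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION'

# Assumption: value names as listed in the MSRC advisory; verify before relying on them.
$Apps = 'Excel.exe', 'Graph.exe', 'MSAccess.exe', 'MSPub.exe', 'PowerPoint.exe',
        'Visio.exe', 'WinProj.exe', 'WinWord.exe', 'Wordpad.exe'

function Get-CrossProtocolBlockState {
    param(
        [string]   $Path  = $KeyPath,
        [string[]] $Names = $Apps
    )
    # $key is $null when the policy key has not been created on this machine.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    foreach ($name in $Names) {
        $value = $null
        $kind  = $null
        if ($key -and ($key.GetValueNames() -contains $name)) {
            $value = $key.GetValue($name)
            $kind  = $key.GetValueKind($name)
        }
        [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            Application = $name
            Value       = $value
            Kind        = $kind
            # Counted as mitigated only with the type and data the advisory gives
            # (assumed here to be REG_DWORD with data 1).
            Mitigated   = ($kind -eq 'DWord' -and $value -eq 1)
        }
    }
}

$report = Get-CrossProtocolBlockState
$report | Format-Table -AutoSize

# Keep a per-machine record so pilot results can be compared before and after the change.
$report | Export-Csv -Path ".\CVE-2023-36884_$($env:COMPUTERNAME).csv" -NoTypeInformation

$missing = @($report | Where-Object { -not $_.Mitigated })
if ($missing.Count -gt 0) {
    Write-Warning ("Not set for: " + ($missing.Application -join ', '))
}
```

Run it on each pilot machine before and after the key is applied; any functional problems users report can then be matched against the per-application state in the CSV.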
9 Replies
- MathieuVandenHautte, Iron Contributor
Hi HaziqNi,
Multiple customers had issues due to the latest Outlook Desktop July 11th security updates. If needed, please check the workaround in this article:
https://support.microsoft.com/en-us/office/outlook-blocks-opening-fqdn-and-ip-address-hyperlinks-after-installing-p
- MathieuVandenHautte, Iron Contributor
Hi HaziqNi,
Microsoft is afraid to turn it off themselves because they are afraid that it might break too many existing things. This is one of those features that Microsoft should never have made possible. They knew the dangers since IE 9.0.1 in 2011.
Anyway, customers who use Microsoft Defender for Office are protected from attachments that attempt to exploit. In addition, customers who use Microsoft 365 Apps (Versions 2302 and later) are protected from exploitation of the vulnerability via Office.
- HaziqNi, Copper Contributor
Hi MathieuVandenHautte, thanks for the info. I don't recall seeing any info that Microsoft 365 Apps (Versions 2302 and later) are protected from exploitation of the vulnerability via Office. I shall look into this, thank you!
My organization's vulnerability scanner mentioned that we are required to implement the registry remediation process since we do not use Microsoft Defender for Office, hence my original question: to identify what impact the remediation will bring before I proceed with any change.
- Deleted
HaziqNi Hi,
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36884
I hope this will be helpful.
- HaziqNi, Copper Contributor
Hello A1, this is where I got the remediation from. It mentioned that "it could affect regular functionality for certain use cases related to these applications."
I'd like to know what kind of effect it might have and whether or not the impact is significant.
- Deleted
https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/
I understand the question, but I'm not an expert in the field, I can't find an explanation either.
I will ask the manager to move this to the right place.
Good luck.