CVE-2023-36009: 
vulnerability analysis and mitigation

Microsoft Word Information Disclosure Vulnerability (CVE-2023-36009) was identified and disclosed in December 2023. This vulnerability affects multiple versions of Microsoft Office products including Microsoft 365 Apps Enterprise, Office 2016, Office 2019, and Office 2021 LTSC for both x64 and x86 architectures (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access and user interaction, with potential high impact on confidentiality but no impact on integrity or availability (Microsoft CVE).

The vulnerability could lead to information disclosure in Microsoft Word. When successfully exploited, it could allow an attacker to access sensitive information with high confidentiality impact (NVD).

Microsoft has released security updates to address this vulnerability. Users are advised to apply the security update KB5002520 for affected versions of Microsoft Word. The update is available through Microsoft Update, Microsoft Update Catalog, and Microsoft Download Center (Microsoft Support).