CVE-2023-36884: 
vulnerability analysis and mitigation

CVE-2023-36884 is a Windows Search Remote Code Execution Vulnerability discovered in July 2023. The vulnerability affects Microsoft Windows and Office products, allowing attackers to perform remote code execution through specially-crafted Microsoft Office documents. Microsoft has confirmed targeted attacks against defense and government entities in Europe and North America, particularly related to the Ukrainian World Congress (Microsoft MSRC).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization). The attack requires user interaction, as the victim needs to open a malicious file for successful exploitation (NVD).

If successfully exploited, the vulnerability allows attackers to perform remote code execution in the context of the victim. This means attackers could potentially execute arbitrary code, gain the same privileges as the compromised user, and take control of the affected system (Hacker News).

Microsoft recommends using the 'Block all Office applications from creating child processes' attack surface reduction (ASR) rule as a mitigation measure. Additionally, Microsoft 365 Semi-Annual Channel version 2302 and later versions are protected from this vulnerability (Microsoft Answers).