Microsoft is investigating reports that of unpatched remote code execution vulnerabilities in Windows and Office. To exploit the flaws, an attacker would need to convince the user to open a maliciously-crafted file. In a blog post, Microsoft Threat Intelligence says it “has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884.” More information here https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/
