https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/551520#M4845 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/190671">@RFeyertag</a>&nbsp;</P> <P>Thanks for highlighting. Let me check and will update here on this.</P> <P>&nbsp;</P> <P>Thank You</P> Fri, 28 Jul 2023 04:42:12 GMT PiyushKohli 2023-07-28T04:42:12Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/549079#M4748 <P>Hello dear LIVEcommunity!</P> <P>&nbsp;</P> <P>Should we follow the recommendation from microsoft or does cortex xdr pro cover this CVE?&nbsp;</P> <P>&nbsp;</P> <P><A href="https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/" target="_blank">https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/</A></P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> Wed, 12 Jul 2023 12:26:39 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/549079#M4748 RFeyertag 2023-07-12T12:26:39Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/549099#M4749 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/190671">@RFeyertag</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thank you for writing to live community!</P> <P>&nbsp;</P> <P>We have not yet found any internal updates on the same and would request you to open a support case for coverage assessments. We would be happy to hear from you in circumstance, you get any updates for the same.</P> <P>&nbsp;</P> <P>Please feel free to mark the response as "Accept as Solution" if it answers your query</P> Wed, 12 Jul 2023 12:50:13 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/549099#M4749 neelrohit 2023-07-12T12:50:13Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/549171#M4754 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/190671">@RFeyertag</a>&nbsp;,</P> <P>&nbsp;</P> <P>As per some latest updates, you can find updated information on coverage on our unit42 blog post: &nbsp;<A href="https://unit42.paloaltonetworks.com/cve-2023-36884-rce/" target="_blank">https://unit42.paloaltonetworks.com/cve-2023-36884-rce/</A></P> <P>&nbsp;</P> <P>hope this helps.</P> <P>&nbsp;</P> <P>please mark the response as “Accept as Solution” if it answers your query so that others could navigate to this solution</P> Thu, 13 Jul 2023 03:15:34 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/549171#M4754 neelrohit 2023-07-13T03:15:34Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/549420#M4762 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/142551">@neelrohit</a>: Thank you very much!</P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> Fri, 14 Jul 2023 21:01:41 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/549420#M4762 RFeyertag 2023-07-14T21:01:41Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/551498#M4842 <P>There are no queries like mentioned in the blog post:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="RFeyertag_0-1690497235421.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/52324i4EC35476F28C38CC/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="RFeyertag_0-1690497235421.png" alt="RFeyertag_0-1690497235421.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> Thu, 27 Jul 2023 22:34:23 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/551498#M4842 RFeyertag 2023-07-27T22:34:23Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/551520#M4845 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/190671">@RFeyertag</a>&nbsp;</P> <P>Thanks for highlighting. Let me check and will update here on this.</P> <P>&nbsp;</P> <P>Thank You</P> Fri, 28 Jul 2023 04:42:12 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/551520#M4845 PiyushKohli 2023-07-28T04:42:12Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/551555#M4849 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/190671">@RFeyertag</a>&nbsp;</P> <P>These are probably not the queries mentioned in the threat brief but Palo Alto released a XSOAR playbook. In this playbook you can find some XQL hunting queries.</P> <P><A href="https://cortex.marketplace.pan.dev/marketplace/details/CVE_2023_36884__Microsoft_Office_and_Windows_RCE/" target="_blank">https://cortex.marketplace.pan.dev/marketplace/details/CVE_2023_36884__Microsoft_Office_and_Windows_RCE/</A></P> <P>&nbsp;</P> Fri, 28 Jul 2023 08:56:09 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/551555#M4849 micomi 2023-07-28T08:56:09Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/551682#M4861 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/41187">@micomi</a>!&nbsp;</P> <P>&nbsp;</P> <P>I think one of these scripts needs some adjustment (the other Office Applications are missing too):&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="RFeyertag_1-1690722159734.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/52362iD9D5F695F5B9C57B/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="RFeyertag_1-1690722159734.png" alt="RFeyertag_1-1690722159734.png" /></span></P> <P>Maybe you can forward it to the right people?&nbsp;</P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Sun, 30 Jul 2023 13:04:07 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/551682#M4861 RFeyertag 2023-07-30T13:04:07Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/551717#M4864 <P>Hi&nbsp;&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/190671">@RFeyertag</a>&nbsp;</P> <P>Good point but I can't forward this to the right people. I'm not from Palo Alto but perhaps someone else can forward this topic</P> <P>&nbsp;</P> Mon, 31 Jul 2023 05:43:57 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/551717#M4864 micomi 2023-07-31T05:43:57Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/552175#M4885 <P>Hey,</P> <P>&nbsp;</P> <P>We've released a fix for that XQL query. Will be available in the marketplace soon.</P> <P>&nbsp;</P> <P>Ben</P> Wed, 02 Aug 2023 10:18:58 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cve-2023-36884-does-cortex-xdr-pro-cover-this-cve/m-p/552175#M4885 bmelamed 2023-08-02T10:18:58Z