CVE-2023-36884 - Does Cortex XDR Pro cover this CVE?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

CVE-2023-36884 - Does Cortex XDR Pro cover this CVE?

L4 Transporter

Hello dear LIVEcommunity!

 

Should we follow the recommendation from microsoft or does cortex xdr pro cover this CVE? 

 

https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-esp...

 

BR

 

Rob

1 accepted solution

Accepted Solutions

Hi @RFeyertag ,

 

As per some latest updates, you can find updated information on coverage on our unit42 blog post:  https://unit42.paloaltonetworks.com/cve-2023-36884-rce/

 

hope this helps.

 

please mark the response as “Accept as Solution” if it answers your query so that others could navigate to this solution

View solution in original post

9 REPLIES 9

L5 Sessionator

Hi @RFeyertag ,

 

Thank you for writing to live community!

 

We have not yet found any internal updates on the same and would request you to open a support case for coverage assessments. We would be happy to hear from you in circumstance, you get any updates for the same.

 

Please feel free to mark the response as "Accept as Solution" if it answers your query

Hi @RFeyertag ,

 

As per some latest updates, you can find updated information on coverage on our unit42 blog post:  https://unit42.paloaltonetworks.com/cve-2023-36884-rce/

 

hope this helps.

 

please mark the response as “Accept as Solution” if it answers your query so that others could navigate to this solution

@neelrohit: Thank you very much!

 

BR

 

Rob

There are no queries like mentioned in the blog post:

 

RFeyertag_0-1690497235421.png

 

 

BR

 

Rob

L4 Transporter

Hi @RFeyertag 

Thanks for highlighting. Let me check and will update here on this.

 

Thank You

L2 Linker

Hi @RFeyertag 

These are probably not the queries mentioned in the threat brief but Palo Alto released a XSOAR playbook. In this playbook you can find some XQL hunting queries.

https://cortex.marketplace.pan.dev/marketplace/details/CVE_2023_36884__Microsoft_Office_and_Windows_...

 

Hello @micomi

 

I think one of these scripts needs some adjustment (the other Office Applications are missing too): 

 

RFeyertag_1-1690722159734.png

Maybe you can forward it to the right people? 

 

BR

 

Rob

 

 

 

 

L2 Linker

Hi  @RFeyertag 

Good point but I can't forward this to the right people. I'm not from Palo Alto but perhaps someone else can forward this topic

 

Hey,

 

We've released a fix for that XQL query. Will be available in the marketplace soon.

 

Ben

  • 1 accepted solution
  • 3339 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!