Caution with Office documents from unknown senders - actively exploited vulnerability in Microsoft Office
A currently actively exploited vulnerability in Microsoft Office allows malicious code to be executed that has been injected into Office documents. This vulnerability (CVE-2023-36884, CVSS 8.3, high) has not been fixed by today's Microsoft patchday. We therefore ask you to be particularly careful with Office documents sent to you from unknown senders. Please do not open documents from unknown senders and ask the senders for a file in PDF format if necessary. The ITMC is working at full speed on a solution that minimizes the current danger for computers centrally managed by the ITMC.
UPDATE: All centrally managed computers are now protected. If you are working in a home office, please connect your computer to the VPN briefly to activate the setting
However, this protection is currently not yet active and will not apply to decentrally administered or locally installed Office workstations.
As soon as we hear from Microsoft that the vulnerability has been closed, we will issue a warning in this way.
More information can be found at:
https://www.heise.de/news/Patchday-Microsoft-meldet-fuenf-Zero-Days-teils-ohne-Update-9213685.html