Is NuGenesis affected by the CVE-2023-36884 vulnerability, or by Microsoft's recommended mitigations for that defect? - WKB266692
Article number: 266692
ENVIRONMENT
- NuGenesis 9
- NuGenesis 8
ANSWER
CVE-2023-36884 conerns a remote-code execution vulnerability in Microsoft Office applications. Per the description of this CVE as of July 2023, Office applications can start process in the system when sent carefully crafted documents from an attacker. Microsoft's recommended mitigations—in the absence of a patch—are to disallow the creation of processes by Office apps.
NuGenesis does not invoke processes via Microsoft Office; therefore, neither SDMS nor LMS are affected by CVE-2023-36884, nor by the recommended mitigations.
ADDITIONAL INFORMATION
id266692, NGLMS, NGLMSLIC, NGLMSOPT, SDMS, SDMS8, SDMS8NU, SUPISDMS, SUPNG