## https://sploitus.com/exploit?id=0D90F437-79A8-55FE-859E-212240721454
# CVE-2023-36884-Checker
Script to check for CVE-2023-36884 hardening: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
## Goal
This script checks whether Microsoft's hardening recommendations are properly applied.
Microsoft's advisory (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884) says:
```
Add the following application names to this registry key as values of type REG_DWORD with data 1.:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION
Excel.exe
Graph.exe
MSAccess.exe
MSPub.exe
Powerpnt.exe
Visio.exe
WinProj.exe
WinWord.exe
Wordpad.exe
```
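A sketch of how this check can be done in PowerShell, added here as an example and not the repository's own `cve-2023-36884-checker.ps1`; the function name `Test-CrossProtocolHardening` and the result fields are assumptions. It separates a missing value from one with the wrong type or wrong data, since the guidance above requires REG_DWORD with data 1.

```powershell
# Added example, not the repository's script.
# Function name and result property names are assumptions made for this sketch.
function Test-CrossProtocolHardening {
    param(
        [string]$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION'
    )
    # Application names listed in Microsoft's guidance quoted above.
    $apps = 'Excel.exe', 'Graph.exe', 'MSAccess.exe', 'MSPub.exe', 'Powerpnt.exe',
            'Visio.exe', 'WinProj.exe', 'WinWord.exe', 'Wordpad.exe'

    # Get-Item returns a RegistryKey object, or nothing if the key was never created.
    # Reading this key does not need an elevated session.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue

    foreach ($app in $apps) {
        $state = 'Missing'
        # -contains is case-insensitive, matching registry value-name semantics.
        if ($key -and ($key.GetValueNames() -contains $app)) {
            $kind = $key.GetValueKind($app)
            $data = $key.GetValue($app)
            if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                # e.g. a REG_SZ "1" created by hand does not match the guidance
                $state = "WrongType($kind)"
            } elseif ($data -ne 1) {
                $state = "WrongData($data)"
            } else {
                $state = 'OK'
            }
        }
        [pscustomobject]@{ Application = $app; State = $state }
    }
}

$results = Test-CrossProtocolHardening
$results | Format-Table -AutoSize

# Overall verdict: hardened only if every listed application passes.
$failed = @($results | Where-Object State -ne 'OK')
if ($failed.Count -eq 0) {
    'Hardening applied for all listed applications'
} else {
    "Hardening incomplete for: $($failed.Application -join ', ')"
}
```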
### How to use
Simply execute the `cve-2023-36884-checker.ps1` code and you will see the results as shown below.
To run the script once downloaded:
```
powershell -ExecutionPolicy Bypass .\cve-2023-36884-checker.ps1
```
/!\ This script does NOT require admin rights /!\
Note: you can also use this excellent script, which has more options if needed: https://github.com/myusefulrepo/Tips/blob/master/CVE-2023-36884-Check%26Mitigation.ps1 (thanks to Olivier @Rapidhands)
### Apply or remove mitigations for CVE-2023-36884
You can also execute `mitigate-cve-2023-36884.ps1` to apply mitigations provided by Microsoft, or `remove-mitigations-cve-2023-36884.ps1` to remove those mitigations if needed later.
```
# To apply mitigations
powershell -ExecutionPolicy Bypass .\mitigate-cve-2023-36884.ps1
# To remove mitigations
powershell -ExecutionPolicy Bypass .\remove-mitigations-cve-2023-36884.ps1
```
/!\ These scripts REQUIRE admin rights /!\
Please note that these scripts change your registry values and thus might break your system. If so, that's your own responsibility.
## Results of the CVE-2023-36884 checker
Here are some examples of the results when running `cve-2023-36884-checker.ps1`.
### If mitigation is totally enforced
```
DEBUG:OK, Excel.exe has CVE-2023-36884 mitigation enabled
DEBUG:OK, Graph.exe has CVE-2023-36884 mitigation enabled
DEBUG:OK, MSAccess.exe has CVE-2023-36884 mitigation enabled
DEBUG:OK, MSPub.exe has CVE-2023-36884 mitigation enabled
DEBUG:OK, PowerPnt.exe has CVE-2023-36884 mitigation enabled
DEBUG:OK, Visio.exe has CVE-2023-36884 mitigation enabled
DEBUG:OK, WinProj.exe has CVE-2023-36884 mitigation enabled
DEBUG:OK, WinWord.exe has CVE-2023-36884 mitigation enabled
DEBUG:OK, Wordpad.exe has CVE-2023-36884 mitigation enabled
META:hardening-CVE-2023-36884|OK
```
### If mitigation is not enforced at all
```
DEBUG:KO, Excel.exe FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION should be set to 1
DEBUG:KO, Graph.exe FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION should be set to 1
DEBUG:KO, MSAccess.exe FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION should be set to 1
DEBUG:KO, MSPub.exe FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION should be set to 1
DEBUG:KO, PowerPnt.exe FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION should be set to 1
DEBUG:KO, Visio.exe FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION should be set to 1
DEBUG:KO, WinProj.exe FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION should be set to 1
DEBUG:KO, WinWord.exe FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION should be set to 1
DEBUG:KO, Wordpad.exe FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION should be set to 1
META:hardening-CVE-2023-36884|KO
```
### If mitigation is partially enforced
```
DEBUG:KO, Excel.exe FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION should be set to 1
DEBUG:KO, Graph.exe FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION should be set to 1
DEBUG:KO, MSAccess.exe FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION should be set to 1
DEBUG:KO, MSPub.exe FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION should be set to 1
DEBUG:KO, PowerPnt.exe FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION should be set to 1
DEBUG:KO, Visio.exe FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION should be set to 1
DEBUG:KO, WinProj.exe FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION should be set to 1
DEBUG:OK, WinWord.exe has CVE-2023-36884 mitigation enabled
DEBUG:KO, Wordpad.exe FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION should be set to 1
META:hardening-CVE-2023-36884|KO
```
## License
MIT