Microsoft: Unpatched Office zero-day exploited in NATO summit attacks

Microsoft disclosed today an unpatched zero-day security bug in multiple Windows and Office products exploited in the wild to gain remote code execution via malicious Office documents. Unauthenticated attackers can exploit the vulnerability (tracked as CVE-2023-36884) in high-complexity attacks without requiring user interaction.