
Microsoft Word RCE vulnerability

7 March 2023 | April 9th, 2023 | CERT, SOC, Vulnerability

This live blog contains information regarding the Microsoft Word RCE vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on March 7, 2023.

Update March 7, 2023

18:30 | On the 14th of February 2023, Microsoft published their Patch Tuesday updates in which they describe CVE-2023-21716. This vulnerability is a heap corruption vulnerability in Microsoft Word’s RTF parser and allows an unauthenticated attacker to execute arbitrary code or commands with the victim’s privileges.

The vulnerability can be triggered, for example, by an attachment in an email. Users don’t have to open a malicious RTF document: simply loading the file in the Preview Pane of, for example, Microsoft Outlook is enough to compromise the system.

On the 5th of March 2023, a proof-of-concept exploit was published. Microsoft has published patches and several workarounds. It is advised to apply one of these mitigating measures.

Reason and background of this blog

This blog contains information about vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.

Vulnerability information

On the 14th of February 2023, Microsoft published their Patch Tuesday updates in which they describe CVE-2023-21716. This vulnerability is a heap corruption vulnerability in Microsoft Word’s RTF parser and allows an unauthenticated attacker to execute arbitrary code or commands with the victim’s privileges.

On the 5th of March 2023, a proof-of-concept exploit was published. Microsoft has published patches and several workarounds. It is advised to apply one of these mitigating measures.

Potential Risk

The vulnerability CVE-2023-21716 has a CVSS score of 9.8. The CVSS scale runs from 0 to 10. A score of 9.8 or higher is rare and implies a high risk of exploitation with high impact. CVE-2023-21716 is a heap corruption vulnerability in Microsoft Word’s RTF parser and allows an unauthenticated attacker to execute arbitrary code or commands with the victim’s privileges. Users don’t have to open a malicious RTF document: simply loading the file in the Preview Pane of, for example, Microsoft Outlook is enough to compromise the system.

Microsoft stated there is no indication that the vulnerability is being exploited in the wild. However, now that exploit code is publicly available, a larger pool of attackers can start using the vulnerability.

Detailed information

The vulnerability exists in the following products:

  • Microsoft 365 Apps for Enterprise 32-bit and 64-bit editions
  • Microsoft Office
    • Office 2019
    • Office LTSC 2021
    • Office Online Server
    • Office Web Apps Server 2013 Service Pack 1
  • Microsoft Word
    • Word 2013
      • for RT SP1, SP1 32-bit and SP1 64-bit editions
    • Word 2016
      • for 32-bit and 64-bit editions
  • Microsoft SharePoint
    • Enterprise Server 2013 Service Pack 1
    • Enterprise Server 2016
    • Foundation 2013 Service Pack 1
    • Server 2019
    • Server Subscription Edition
    • Server Subscription Edition Language Pack

Microsoft has published patches and several workarounds. It is advised to apply one of these mitigating measures.

If patching the vulnerability is not an option, it is advised to apply the workarounds given by Microsoft: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716.
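
Because previewing an attachment is enough to trigger the parser, a mail team can flag messages that carry RTF content, whatever the attachment is named, while patching is in progress. The Python below is an added example, not code from Tesorion or Microsoft; the function names and the sample message are constructed for illustration, and the sample contains only harmless text.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# RTF files begin with "{\rtf"; the shorter prefix is matched so that
# slightly malformed headers are still caught during triage.
RTF_PREFIX = b"{\\rt"
RTF_TYPES = {"application/rtf", "text/rtf"}

def is_rtf(data: bytes) -> bool:
    # Ignore a UTF-8 BOM and leading whitespace before the signature.
    return data.lstrip(b"\xef\xbb\xbf \t\r\n")[:4] == RTF_PREFIX

def find_rtf_parts(raw: bytes) -> list[dict]:
    """Return one record per MIME part that is, or claims to be, RTF."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""  # undo base64/QP encoding
        name = part.get_filename() or ""
        ctype = part.get_content_type()
        by_content = is_rtf(data)
        by_label = ctype in RTF_TYPES or name.lower().endswith(".rtf")
        if by_content or by_label:
            hits.append({"filename": name, "content_type": ctype,
                         "rtf_content": by_content,
                         # RTF bytes behind another name or type, e.g. ".doc"
                         "disguised": by_content and not by_label})
    return hits

def build_sample() -> bytes:
    """Constructed test message with benign attachments (no exploit content)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attachments.")
    rtf = b"{\\rtf1\\ansi Harmless constructed RTF body}"
    msg.add_attachment(rtf, maintype="application", subtype="rtf", filename="notes.rtf")
    msg.add_attachment(rtf, maintype="application", subtype="msword", filename="invoice.doc")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for hit in find_rtf_parts(build_sample()):
        print(hit)
```

Messages with hits can be quarantined or have the attachment stripped until the affected endpoints are patched.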
