Microsoft Word RCE vulnerability

This live blog contains information regarding the Microsoft Word RCE vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on March 7, 2023.

Update March 7, 2023

18:30 | On the 14th of February 2023, Microsoft published their Patch Tuesday updates in which they describe CVE-2023-21716. This vulnerability is a heap corruption vulnerability in Microsoft Word’s RTF parser and allows an unauthenticated attacker to execute arbitrary code or commands with the victim’s privileges.

The vulnerability can be triggered, for example, by an attachment in an email. Users don’t have to open a malicious RTF document. Simply loading the file in the Preview Pane of, for example, Microsoft Outlook is enough to compromise the system.

On the 5th of March 2023, a proof-of-concept exploit was published. Microsoft has published patches and several workarounds. It is advised to apply any of the mitigative actions.


Version | Vulnerable | Follow-up action
1.1 | Yes | Contact us
1.2 | No | None
1.3 | No | None
1.4 | No | None

Background

On the 14th of February 2023, Microsoft published their Patch Tuesday updates in which they describe CVE-2023-21716. This vulnerability is a heap corruption vulnerability in Microsoft Word’s RTF parser and allows an unauthenticated attacker to execute arbitrary code or commands with the victim’s privileges. On the 5th of March 2023, a proof-of-concept exploit was published. Microsoft has published patches and several workarounds. It is advised to apply any of the mitigative actions.

Risk

The vulnerability CVE-2023-21716 has a CVSS score of 9.8. The CVSS scale runs from 0 to 10. A score of 9.8 or higher is rare and implies a high risk of exploitation with high impact. The CVE-2023-21716 vulnerability is a heap corruption vulnerability in Microsoft Word’s RTF parser and allows an unauthenticated attacker to execute arbitrary code or commands with the victim’s privileges. Users don’t have to open a malicious RTF document. Simply loading the file in the Preview Pane of, for example, Microsoft Outlook is enough to compromise the system.

Microsoft stated there is no indication that the vulnerability is being exploited in the wild. However, now that exploit code is publicly available, a larger pool of attackers can start using the vulnerability.

Advice

The vulnerability exists in the following products:

  • Microsoft 365 Apps for Enterprise 32-bit and 64-bit editions
  • Microsoft Office
    • Office 2019
    • Office LTSC 2021
  • Office Online Server
    • Office Web Apps Server 2013 Service Pack 1
  • Microsoft Word
    • Word 2013
      • for RT SP1, SP1 32-bit and SP1 64-bit editions
    • Word 2016
      • for 32-bit and 64-bit editions
  • Microsoft SharePoint
    • Enterprise Server 2013 Service Pack 1
    • Enterprise Server 2016
    • Foundation 2013 Service Pack 1
    • Server 2019
    • Server Subscription Edition
    • Server Subscription Edition Language Pack

Microsoft has published patches and several workarounds. It is advised to apply any of the mitigative actions.

If patching the vulnerability is not an option, it is advised to apply the workarounds given by Microsoft: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716.
