Executive Summary

CVE-2023-21716 is a Microsoft Word critical remote code execution vulnerability discovered last year, which has been patched in Microsoft’s February patch Tuesday. Security Researcher Joshua Drake has released a Proof of Concept (PoC) for the vulnerability and it’s so small it can fit in a tweet. The PoC requires the victim to simply just preview or open a malicious file, which could arrive in a multitude of ways, such as an email.

What’s the risk to my business?

Successful exploitation allows an attacker to remotely execute code, impacting the confidentiality, integrity and availability of the data held by an organisation.

What can I do?

The vulnerability was patched as part of Microsoft’s February patch Tuesday, so only unpatched versions of Microsoft Office Word remain vulnerable. It is therefore recommended to apply the patches if not done so already. Additionally, the impact can be mitigated by enabling protected view in Microsoft Office Word, which is enabled by default. Protected view is a read-only mode where most editing functions are disabled.

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

The proof of concept can be found here: https://qoop.org/publications/cve-2023-21716-rtf-fonttbl.md

Details for CVE-2023-21716 can be found here: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21716