Voyager18 (research)

How to fix CVE-2023-21716 in Microsoft Word

Learn about the Microsoft Word Remote Code Execution Exploit, CVE-2023-21716, explained in detail in this blog post.

Gal Gonen | March 09, 2023

Over the weekend, a proof-of-concept (PoC) was released for CVE-2023-21716, which is a severe vulnerability found in Microsoft Word. This vulnerability can be exploited to execute remote code and has been assigned a high severity score of 9.8 out of 10. Microsoft released security updates in February’s Patch Tuesday, which included a few workarounds to address this issue.

Here’s what you need to know.

What is CVE-2023-21716?

CVE-2023-21716 is a heap corruption vulnerability found in Microsoft Office Word’s RTF parser. 

Over the weekend, a proof-of-concept (PoC) for this vulnerability, that allows remote code execution, was released. 

The vulnerability was privately disclosed to Microsoft in November 2022 (by security researcher Joshua Drake), and the company released relevant patches in their Patch Tuesday updates on February 2023.

CVE-2023-21716 has a CVSS score of 9.8 and affects a wide range of Microsoft products including; Microsoft Office, SharePoint, and 365 Apps versions.


Does CVE-2023-21716 affect me?

When exploited, a remote attacker could potentially take advantage of the issue to execute code with the same privileges as the victim that opens a malicious ‘RTF document’. Delivering the malicious file to a victim can be as easy as an attachment to an email, although plenty of other methods exist.

Affected products include; Microsoft 365 applications, MS office, MS word, MS SharePoint. 

Has it been actively exploited in the wild?

At the moment there is no indication that the vulnerability is being exploited in the wild and Microsoft’s current assessment is that taking advantage of the issue is “less likely.”

Fixing CVE-2023-21716

As always, Installing Microsoft’s security updates remains the safest way to deal with the vulnerability. Workarounds, such as reading emails in plain text format or enabling the Microsoft Office File Block policy, are available.  

Next steps

Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors:

  1. VulnRX – vulnerability fix database
  2. MITRE ATTACK framework – Mapping techniques to CVEs 
  3. CISA’S KEV additions – fix these threats to IT management systems
  4. How to properly tackle zero-day threats 
  5. OWASP Top 10 vulnerabilities 2022: what we learned

And finally…

Don’t get found out by new vulnerabilities. Vulcan Cyber gives you full visibility and oversight of your threat environment and lets you prioritize, remediate and communicate your cyber risk across your entire organization. Get a demo today.

Free for risk owners

Set up in minutes to aggregate and prioritize cyber risk across all your assets and attack vectors.

"Idea for an overwhelmed secops/security team".

Name Namerson
Head of Cyber Security Strategy