Microsoft Word Vulnerability Goes Public, Users Wondering If a ‘RTF’ Means ‘Risky Text File’

A proof-of-concept (PoC) for a critical vulnerability in Microsoft Word that allows remote code execution has been published. Assigned a severity score of 9.8 out of 10, the vulnerability was addressed in the February Patch Tuesday security updates, but workarounds also exist. Security researcher Joshua Drake discovered the vulnerability and sent Microsoft a technical advisory containing PoC code showing that the issue is exploitable. A remote attacker could potentially use the vulnerability to execute code with the same privileges as the victim that opens a malicious .RTF document. Microsoft warns that users don’t have to open a malicious RTF document and simply loading the file in the Preview Pane is enough for the compromise to start. The vulnerability has not yet been exploited in the wild, but users are urged to install the security update from Microsoft as the safest way to deal with the issue. If the security update cannot be applied some mitigations are available in the links below:

https://www.picussecurity.com/resource/blog/cve-2023-21716-microsoft-word-remote-code-execution-exploit-explained

https://www.bleepingcomputer.com/news/security/proof-of-concept-released-for-critical-microsoft-word-rce-bug/

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716

.