Project Hyphae
Search

Microsoft Word Vulnerability Goes Public, Users Wondering If a ‘RTF’ Means ‘Risky Text File’

Share This Post

A proof-of-concept (PoC) for a critical vulnerability in Microsoft Word that allows remote code execution has been published. Assigned a severity score of 9.8 out of 10, the vulnerability was addressed in the February Patch Tuesday security updates, but workarounds also exist. Security researcher Joshua Drake discovered the vulnerability and sent Microsoft a technical advisory containing PoC code showing that the issue is exploitable. A remote attacker could potentially use the vulnerability to execute code with the same privileges as the victim that opens a malicious .RTF document. Microsoft warns that users don’t have to open a malicious RTF document and simply loading the file in the Preview Pane is enough for the compromise to start. The vulnerability has not yet been exploited in the wild, but users are urged to install the security update from Microsoft as the safest way to deal with the issue. If the security update cannot be applied some mitigations are available in the links below:

https://www.picussecurity.com/resource/blog/cve-2023-21716-microsoft-word-remote-code-execution-exploit-explained

https://www.bleepingcomputer.com/news/security/proof-of-concept-released-for-critical-microsoft-word-rce-bug/

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716

.



Reach out to our incident response team for help

More To Explore

Information Security News 8-26-2024

Major Backdoor in Millions of RFID Cards Allows Instant Cloning Article Link: https://www.securityweek.com/major-backdoor-in-millions-of-rfid-cards-allows-instant-cloning Georgia Tech Sued Over Cybersecurity Violations https://www.infosecurity-magazine.com/news/georgia-tech-sued-cybersecurity Halliburton Hit by Cyberattack, Operations

Information Security News 8-19-2024

Hackers Leak 2.7 Billion Data Records with Social Security Numbers Article Link: https://www.bleepingcomputer.com/news/security/hackers-leak-27-billion-data-records-with-social-security-numbers DDoS Attacks Surge 46% in First Half of 2024 Article Link: https://thehackernews.com/2024/08/ddos-attacks-surge-46-in-first-half-of.html

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.