FortiGuard Labs is aware of a new proof of concept released over the weekend for CVE-2023-21716 (Microsoft Word Remote Code Execution Vulnerability).Patched in the February Microsoft Monthly Security Release, CVE-2023-21716 is a vulnerability within Microsoft Office’s wwlib which allows attackers to achieve remote code execution on a targeted machine via the use of a maliciously crafted RTF document. What makes this vulnerability dangerous is that It does not require any user interaction. As a proof of concept is now available, this makes exploitation even more likely as it does not require any legwork or additional development by an attacker.What are the technical details of the CVE-2023-21716?The RTF parser in Microsoft Word is susceptible to a heap corruption vulnerability when dealing with a font table containing an excessive number of fonts. The font ID value is corrupted because it loads upper bits from the EDX data register which is used for arithmetic and logical operations and contains appended writes of ffff, which will then corrupt the heap via an out of bounds memory write.What is the CVSS score for CVE-2023-21716?The CVSS score is 9.8 (CRITICAL).Are Patches Available?Yes, Microsoft published patches in the February 14, 2023 Patch Tuesday update.What Versions of Microsoft Office are Vulnerable?Unpatched versions vulnerable are:Microsoft Office 2019 for 32-bit editionsMicrosoft Office 2019 for 64-bit editionsMicrosoft Word 2013 Service Pack 1 (64-bit editions)Microsoft Word 2013 RT Service Pack 1Microsoft Word 2013 Service Pack 1 (32-bit editions)Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft Office Web Apps Server 2013 Service Pack 1Microsoft Word 2016 (32-bit edition)Microsoft Word 2016 (64-bit edition)Microsoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016Microsoft 365 Apps for Enterprise for 64-bit SystemsMicrosoft Office 2019 for MacMicrosoft Office Online ServerSharePoint Server Subscription Edition Language PackMicrosoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft Office LTSC 2021 for 64-bit editionsMicrosoft SharePoint Server Subscription EditionMicrosoft Office LTSC 2021 for 32-bit editionsMicrosoft Office LTSC for Mac 2021to CVE-2023-27176 are:Microsoft Office 2019 for 32-bit editionsMicrosoft Office 2019 for 64-bit editionsMicrosoft Word 2013 Service Pack 1 (64-bit editions)Microsoft Word 2013 RT Service Pack 1Microsoft Word 2013 Service Pack 1 (32-bit editions)Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft Office Web Apps Server 2013 Service Pack 1Microsoft Word 2016 (32-bit edition)Microsoft Word 2016 (64-bit edition)Microsoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016Microsoft 365 Apps for Enterprise for 64-bit SystemsMicrosoft Office 2019 for MacMicrosoft Office Online ServerSharePoint Server Subscription Edition Language PackMicrosoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft Office LTSC 2021 for 64-bit editionsMicrosoft SharePoint Server Subscription EditionMicrosoft Office LTSC 2021 for 32-bit editionsMicrosoft Office LTSC for Mac 2021What are the Details of Coverage?FortiGuard Labs is currently assessing IPS signature creation based on available proof of concept code. This Threat Signal will be updated once this information is available.Any Suggested Mitigation?FortiGuard Labs suggests that all users of affected versions of Microsoft Office patch immediately. If this is not an option, other mitigations suggested by Microsoft include reading emails in plain text only format and utilizing the Microsoft Office File Block policy, which prevents RTF documents from being previewed or opened without user interaction. Further mitigation guidance from Microsoft can be found under “Microsoft Word Remote Code Execution Vulnerability” In the APPENDIX.
More Stories
mupdf-1.24.6-2.fc40
FEDORA-2024-bfc5e25437 Packages in this update: mupdf-1.24.6-2.fc40 Update description: fix CVE-2024-46657 (rhbz#2331626) Read More
mupdf-1.21.1-6.el9
FEDORA-EPEL-2024-94a20f339a Packages in this update: mupdf-1.21.1-6.el9 Update description: fix CVE-2024-46657 (rhbz#2331625) Read More
DSA-5837-1 fastnetmon – security update
Two security issues have been discovered in FastNetMon, a fast DDoS analyzer: Malformed Netflow/sFlow traffic could result in denial of...
DSA-5836-1 xen – security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information...
DSA-5835-1 webkit2gtk – security update
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2024-54479 Seunghyun Lee discovered that processing maliciously crafted web...
openjpeg2-2.5.3-1.fc40
FEDORA-2024-272544ceb9 Packages in this update: openjpeg2-2.5.3-1.fc40 Update description: Update to openjpeg-2.5.3 Fix 2 heap-buffer-overflow Read More