In February, Microsoft released a patch for a critical vulnerability in Word, SharePoint, Office 365, and Office for Mac that could allow remote code execution. We are issuing this advisory to bring it to your attention and to ask that you update your devices now.
IMPACT
The vulnerability, CVE-2023-21716, is of low attack complexity: it could be exploited by sending an email carrying a Rich Text Format (RTF) payload that leads to command execution when the message is opened or merely viewed in Outlook's Preview Pane. A proof-of-concept for this vulnerability was released last weekend, which could signal upcoming malware campaigns.
VERSIONS AFFECTED
· Microsoft Office 2019 for 32-bit editions
· Microsoft Office 2019 for 64-bit editions
· Microsoft Word 2013 Service Pack 1 (64-bit editions)
· Microsoft Word 2013 RT Service Pack 1
· Microsoft Word 2013 Service Pack 1 (32-bit editions)
· Microsoft SharePoint Foundation 2013 Service Pack 1
· Microsoft Office Web Apps Server 2013 Service Pack 1
· Microsoft Word 2016 (32-bit edition)
· Microsoft Word 2016 (64-bit edition)
· Microsoft SharePoint Server 2019
· Microsoft SharePoint Enterprise Server 2013 Service Pack 1
· Microsoft SharePoint Enterprise Server 2016
· Microsoft 365 Apps for Enterprise for 64-bit Systems
· Microsoft Office 2019 for Mac
· Microsoft Office Online Server
· SharePoint Server Subscription Edition Language Pack
· Microsoft 365 Apps for Enterprise for 32-bit Systems
· Microsoft Office LTSC 2021 for 64-bit editions
· Microsoft SharePoint Server Subscription Edition
· Microsoft Office LTSC 2021 for 32-bit editions
· Microsoft Office LTSC for Mac 2021
RECOMMENDATIONS
Apply the appropriate KB from https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716. If patching is not possible, Microsoft recommends reading emails in plain text format or using the Office File Block policy to prevent RTF documents from opening. Instructions for enabling both options can be found at the link above and in the references section below.
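The following PowerShell audit is an added example, not part of this advisory or of Microsoft's guidance; it reports, per Office version key, whether the two no-patch workarounds above (Word File Block for RTF, Outlook read-as-plain-text) are set in the current user's registry. The registry paths, value names and expected values (RtfFiles = 2, ReadAsPlain = 1) are assumptions drawn from general Office administration practice and should be confirmed against reference [1] before use.

```powershell
# Added example: audit (read-only) of the CVE-2023-21716 workaround settings.
# Assumed registry locations; verify against the MSRC guidance in reference [1].
function Get-RtfMitigationStatus {
    [CmdletBinding()]
    param(
        # Office registry version keys: 15.0 = Office/Word 2013,
        # 16.0 = Office 2016, 2019, LTSC 2021 and Microsoft 365 Apps.
        [string[]]$Versions = @('15.0', '16.0')
    )

    foreach ($v in $Versions) {
        $fileBlockKey = "HKCU:\Software\Microsoft\Office\$v\Word\Security\FileBlock"
        $mailKey      = "HKCU:\Software\Microsoft\Office\$v\Outlook\Options\Mail"

        # Assumed: RtfFiles = 2 tells Word's File Block policy not to open RTF files.
        $rtf = (Get-ItemProperty -Path $fileBlockKey -Name RtfFiles `
                -ErrorAction SilentlyContinue).RtfFiles
        # Assumed: ReadAsPlain = 1 makes Outlook render all mail as plain text,
        # so an RTF body is not parsed by the Preview Pane.
        $plain = (Get-ItemProperty -Path $mailKey -Name ReadAsPlain `
                  -ErrorAction SilentlyContinue).ReadAsPlain

        [pscustomobject]@{
            OfficeVersion   = $v
            WordFileBlockOn = ($rtf -eq 2)
            ReadAsPlainOn   = ($plain -eq 1)
            # Either workaround reduces exposure; the patch itself is still required.
            AnyWorkaround   = (($rtf -eq 2) -or ($plain -eq 1))
        }
    }
}

Get-RtfMitigationStatus | Format-Table -AutoSize
```

A row showing False in both columns for the version key your Office build uses means neither workaround is in place for that user profile and the KB should be applied without delay.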
If you are running an older, no-longer-supported version of Microsoft software (see https://learn.microsoft.com/en-us/deployoffice/endofsupport/resources), you may be eligible for a free upgrade; see https://www.bu.edu/tech/services/cccs/desktop/distribution/microsoft/.
REFERENCES
[1] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716
[2] https://www.cyberkendra.com/2023/03/researchers-released-ms-office-zero-day.html
[3] https://www.bleepingcomputer.com/news/security/proof-of-concept-released-for-critical-microsoft-word-rce-bug/
[4] https://support.microsoft.com/en-us/office/change-the-message-format-to-html-rich-text-format-or-plain-text-338a389d-11da-47fe-b693-cf41f792fefa?ui=en-us&rs=en-us&ad=us