The CVE-2023-21716 security flaw affects multiple versions of Microsoft Office, SharePoint, and Microsoft 365 Apps; the company released patches for it last month.
CVE-2023-21716 was discovered and disclosed privately by security researcher Joshua J. Drake in November 2022.
This is a heap corruption vulnerability in Microsoft Word's RTF parser that, if exploited, allows an attacker to achieve remote code execution with the victim's privileges.
The flaw does not require any authentication: an attacker can simply send the victim an RTF file containing the exploit via email.
"Microsoft Office 2010 and later versions use Protected View to limit the damage caused by malicious documents from untrusted sources. Protected View is in effect when this vulnerability occurs, and therefore an additional sandbox is required," Drake said in the report sent to Microsoft.
https://twitter.com/jduck/status/1632471544935923712
His report also includes a proof-of-concept (a Python script) that can be used to create a file that triggers the vulnerability.
What you can do:
- Configure Microsoft Outlook to read all messages in plain text.
- Use the Microsoft Office file blocking policy to prevent Office from opening RTF documents from unknown or untrusted sources.
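Both mitigations are per-user Office settings that live in the registry. The following PowerShell script is an added illustration, not code from the article or from Microsoft: it applies the RTF File Block policy and the Outlook plain-text option and then reports their state. The registry paths, value names and the Office version keys (14.0, 15.0, 16.0) are assumptions drawn from Microsoft's documented File Block and Outlook settings, not from the article.

```powershell
# Added example: apply the two mitigations listed above for the current user.
# Assumption (not from the article): registry locations follow Microsoft's
# documented Office File Block and Outlook "read as plain text" settings;
# 14.0/15.0/16.0 are the version keys for Office 2010/2013/2016 and later.
$OfficeVersions = @('14.0', '15.0', '16.0')

function Set-RtfFileBlock {
    param([string]$Version)
    $key = "HKCU:\Software\Microsoft\Office\$Version\Word\Security\FileBlock"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # RtfFiles = 2: Word refuses to open (or save) RTF files entirely.
    Set-ItemProperty -Path $key -Name 'RtfFiles' -Value 2 -Type DWord
    # OpenInProtectedView = 0: blocked types are refused, not opened in Protected View.
    Set-ItemProperty -Path $key -Name 'OpenInProtectedView' -Value 0 -Type DWord
}

function Set-OutlookPlainText {
    param([string]$Version)
    $key = "HKCU:\Software\Microsoft\Office\$Version\Outlook\Options\Mail"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # ReadAsPlain = 1: Outlook renders all incoming mail as plain text.
    Set-ItemProperty -Path $key -Name 'ReadAsPlain' -Value 1 -Type DWord
}

function Get-MitigationStatus {
    param([string]$Version)
    $fb = "HKCU:\Software\Microsoft\Office\$Version\Word\Security\FileBlock"
    $ol = "HKCU:\Software\Microsoft\Office\$Version\Outlook\Options\Mail"
    [pscustomobject]@{
        Version      = $Version
        RtfBlocked   = (Get-ItemProperty -Path $fb -Name 'RtfFiles' -ErrorAction SilentlyContinue).RtfFiles -eq 2
        OutlookPlain = (Get-ItemProperty -Path $ol -Name 'ReadAsPlain' -ErrorAction SilentlyContinue).ReadAsPlain -eq 1
    }
}

foreach ($v in $OfficeVersions) {
    # Only touch Office versions that are actually present for this user.
    if (Test-Path "HKCU:\Software\Microsoft\Office\$v") {
        Set-RtfFileBlock -Version $v
        Set-OutlookPlainText -Version $v
    }
}
$OfficeVersions | ForEach-Object { Get-MitigationStatus -Version $_ } | Format-Table -AutoSize
```

In a managed environment the same File Block and Outlook settings are normally deployed centrally through Group Policy rather than per user; the status function is still useful for confirming that the policy has actually landed on a given machine.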