Proof-of-Concept Exploit Released for Critical Vulnerability in Microsoft Word (CVE-2023-21716)

Share :

On February 14, 2023, Microsoft released a security advisory for CVE-2023-21716, a critical remote code execution vulnerability in Microsoft Word. While CVE-2023-21716 was deemed to be of critical severity, Microsoft assessed at the time of publication that the vulnerability was “less likely” to be exploited, and no proof-of-concept exploit was available. Microsoft also noted that the vulnerability may be exploited through the Preview Pane in Microsoft Outlook. 

On March 5, 2023, a proof-of-concept exploit for CVE-2023-21716 was released on Twitter by a security researcher. This exploit allows documents to be crafted that leverage CVE-2023-21716 to cause an application crash in Microsoft Word. Arctic Wolf Labs assesses with high confidence that the publication of this proof-of-concept exploit will draw the attention of threat actors widely, who will seek to further weaponize this vulnerability for use in email-based social engineering attacks. 

Techniques to abuse Microsoft Office documents are frequently sought after and weaponized by threat actors. By injecting arbitrary code into documents that are attached by email, they are able to gain initial access to an environment, allowing them ultimately to move laterally and cause more damage. VBA macros have been abused by threat actors for this purpose, and Microsoft recently disabled VBA macros by default for documents downloaded from the web 

Recommendations for CVE-2023-21716

Recommendation: Apply Security Updates to Impacted Products 

Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation.  

Note: Arctic Wolf recommends following change management best practices for deploying security patches, including testing changes in a test environment before deploying to production to avoid operational impact. 

Affected Products 

Product  Update 
Microsoft 365 Apps for Enterprise
Microsoft Office LTSC
Microsoft Office 2019
Microsoft Office Web Apps Server 2013
Microsoft Office Online Server
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Enterprise Server 2013
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server Subscription Edition
Microsoft Word 2016
Microsoft Word 2013
Microsoft Word 2013 RT 
Review “Security Updates” section on the following advisory for download links: Security Update Guide – Microsoft Security Response Center  
Microsoft Office LTSC for Mac 2021 

Microsoft Office 2019 for Mac 

Review “Security Updates” section on the following advisory for download links: Security Update Guide – Microsoft Security Response Center  



Picture of Adrian Korn

Adrian Korn

Adrian Korn is a seasoned cyber security professional with 7+ years' experience in cyber threat intelligence, threat detection, and security operations. He currently serves as the Manager of Threat Intelligence Research at Arctic Wolf Labs. Adrian has been a guest speaker on intelligence related topics at numerous conferences around the world, including DEF CON's Recon Village, Hackfest, and the Australian OSINT Symposium.
Share :
Table of Contents
Subscribe to our Monthly Newsletter