On February 14, 2023, Microsoft released a security advisory for CVE-2023-21716, a critical remote code execution vulnerability in Microsoft Word. Although the vulnerability was rated critical, Microsoft assessed at the time of publication that exploitation was "less likely", and no proof-of-concept exploit was available. Microsoft also noted that the Preview Pane in Microsoft Outlook is an attack vector, meaning a malicious document can be parsed without the recipient opening the attachment.
On March 5, 2023, a security researcher published a proof-of-concept exploit for CVE-2023-21716 on Twitter. The proof of concept shows how to craft a document that triggers the vulnerability and crashes Microsoft Word; turning that crash into reliable code execution would require further weaponization. Arctic Wolf Labs assesses with high confidence that the publication of this proof of concept will draw widespread attention from threat actors, who will seek to weaponize the vulnerability for use in email-based social engineering attacks.
Techniques for abusing Microsoft Office documents are in constant demand among threat actors. By embedding malicious code in documents sent as email attachments, they gain initial access to an environment, from which they can move laterally and cause further damage. VBA macros were long the preferred vehicle for this, which is why Microsoft recently began blocking VBA macros by default in documents downloaded from the internet (files carrying the Mark of the Web).
Recommendations for CVE-2023-21716
Recommendation: Apply Security Updates to Impacted Products
Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation.
Note: Arctic Wolf recommends following change management best practices for deploying security patches, including testing changes in a test environment before deploying to production to avoid operational impact.
Affected Products
| Product | Update |
| --- | --- |
| Microsoft 365 Apps for Enterprise, Microsoft Office LTSC, Microsoft Office 2019, Microsoft Office Web Apps Server 2013, Microsoft Office Online Server, Microsoft SharePoint Server 2019, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Enterprise Server 2013, Microsoft SharePoint Foundation 2013, Microsoft SharePoint Server Subscription Edition, Microsoft Word 2016, Microsoft Word 2013, Microsoft Word 2013 RT | Review the "Security Updates" section of the following advisory for download links: Security Update Guide – Microsoft Security Response Center |
| Microsoft Office LTSC for Mac 2021, Microsoft Office 2019 for Mac | Review the "Security Updates" section of the following advisory for download links: Security Update Guide – Microsoft Security Response Center |
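Before and after deploying the update, it helps to confirm which Word build a Windows host is actually running, since Click-to-Run channels and MSI installs report versions in different places. The following PowerShell script is an added example and is not part of the Arctic Wolf advisory or any Microsoft tooling. It reads the Click-to-Run configuration key (or, for MSI installs, the file version of WINWORD.EXE registered under App Paths) and compares the result against a minimum build you supply. The `-MinimumBuild` value is an assumption: take it from the "Security Updates" section of the MSRC advisory for your update channel; the number in the usage line is an illustrative placeholder only.

```powershell
# Added example (not from the Arctic Wolf advisory): report the installed Word build on a
# Windows host and compare it with the fixed build you look up in the MSRC Security Update
# Guide for CVE-2023-21716. No fixed build number is hard-coded here; you supply it.

function Get-WordBuild {
    [CmdletBinding()]
    param()

    # Click-to-Run installs (Microsoft 365 Apps, Office 2019/2021 retail and LTSC) record the
    # build and update channel under this key.
    $c2r = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    if (Test-Path $c2r) {
        $cfg = Get-ItemProperty -Path $c2r
        return [pscustomobject]@{
            InstallType = 'ClickToRun'
            Products    = $cfg.ProductReleaseIds
            Platform    = $cfg.Platform
            Channel     = $cfg.CDNBaseUrl     # contains the channel GUID; map it to the MSRC channel table
            Version     = [version]$cfg.VersionToReport
        }
    }

    # MSI-based installs (e.g. Office 2013/2016 volume licence) have no Click-to-Run key;
    # fall back to the file version of WINWORD.EXE registered under App Paths.
    $appPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe'
    if (Test-Path $appPath) {
        $exe = (Get-ItemProperty -Path $appPath).'(default)'
        if ($exe -and (Test-Path $exe)) {
            $fv = (Get-Item $exe).VersionInfo
            return [pscustomobject]@{
                InstallType = 'MSI'
                Products    = $fv.ProductName
                Platform    = $null
                Channel     = $null
                Version     = [version]$fv.ProductVersion
            }
        }
    }

    return $null   # Word is not installed, or not registered in either location
}

function Test-WordPatched {
    param(
        # Fixed build for the installed channel, taken from the MSRC advisory for CVE-2023-21716.
        [Parameter(Mandatory)][version]$MinimumBuild
    )
    $word = Get-WordBuild
    if (-not $word) {
        Write-Warning "Microsoft Word was not found on $env:COMPUTERNAME."
        return
    }
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        InstallType  = $word.InstallType
        Products     = $word.Products
        Channel      = $word.Channel
        Version      = $word.Version
        MinimumBuild = $MinimumBuild
        Patched      = ($word.Version -ge $MinimumBuild)
    }
}

# Usage: the build below is an illustrative placeholder, not necessarily the fixed build for
# your channel. Replace it with the value from the MSRC Security Update Guide.
Test-WordPatched -MinimumBuild '16.0.16130.20306'
```

Run it through your endpoint management tooling (or `Invoke-Command` over WinRM) and collect the `Patched` field per host to find installs that still need the update. The check covers Word on Windows only; Mac installs and SharePoint servers in the table above must be verified through their own update mechanisms.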