BleepingComputer reports that a tweet-sized proof-of-concept exploit has been released by security researcher Joshua Drake for a critical Microsoft Word flaw, tracked as CVE-2023-21716, which could be leveraged for remote code execution.
Such a vulnerability, which was identified by Drake within Microsoft Office's "wwlib.dll" and has been addressed by Microsoft in last month's Patch Tuesday, could enable both remote and arbitrary code execution, according to Drake, who showed the heap corruption issue in the PoC.
No evidence has been found to suggest ongoing active exploitation of the flaw, with Microsoft downplaying the possibility of an attack leveraging the bug. Aside from patches, Microsoft has also offered workarounds for the bug, including email reading in plain text format and the activation of the Microsoft Office File Block policy although the latter could prove challenging.
"If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system," said Microsoft.
SiliconAngle reports that more companies have been conducting purple team cybersecurity threat evaluations, with security penetration testing firm SpecterOps being the latest to create a collaboration between its offensive and defensive cybersecurity teams in testing and defending corporate systems.