Vulnerability Management

Critical Microsoft Word RCE exploit issued

BleepingComputer reports that security researcher Joshua Drake has released a tweet-sized proof-of-concept exploit for a critical Microsoft Word flaw, tracked as CVE-2023-21716, which could be leveraged for remote code execution. The vulnerability, which Drake identified in Microsoft Office's "wwlib.dll" and which Microsoft addressed in last month's Patch Tuesday, could enable both remote and arbitrary code execution, according to Drake, whose PoC demonstrates the heap corruption issue. No evidence has been found to suggest active exploitation of the flaw, and Microsoft has downplayed the possibility of an attack leveraging the bug. Aside from patches, Microsoft has also offered workarounds for the bug, including reading email in plain text format and enabling the Microsoft Office File Block policy, although the latter could prove challenging. "If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system," said Microsoft.
