
CVE-2023-21716: Critical RCE in Microsoft Word Could Be Weaponized by Ransomware Actors

The second Patch Tuesday of 2023 has just rolled out, fixing a total of 75 vulnerabilities across various Microsoft products. Three zero-days were fixed, as well as a critical RCE bug in Microsoft Word which could easily be exploited by ransomware operators (CVE-2023-21716). These fixes are in addition to the 22 separate vulnerabilities in the Edge browser that the company fixed a few days ago.

In case you did not know, Patch Tuesday is the second Tuesday of each month, when Microsoft releases security patches and bug fixes for its software products. Patch Tuesday is a crucial part of Microsoft’s security strategy, as it allows individual users and organizations to stay up-to-date with the latest security fixes and updates.

So, what has been fixed in this Patch Tuesday edition, and what products have been affected by security bugs?

Patch Tuesday February 2023: Affected Microsoft Products


The release contains security updates for a range of products, features and roles, including:

  • .NET and Visual Studio
  • .NET Framework
  • 3D Builder
  • Azure App Service
  • Azure Data Box Gateway
  • Azure DevOps
  • Azure Machine Learning
  • HoloLens
  • Internet Storage Name Service
  • Microsoft Defender for Endpoint
  • Microsoft Defender for IoT
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Office
  • Microsoft Office OneNote
  • Microsoft Office Publisher
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Microsoft PostScript Printer Driver
  • Microsoft WDAC OLE DB provider for SQL
  • Microsoft Windows Codecs Library
  • Power BI
  • SQL Server
  • Visual Studio
  • Windows Active Directory
  • Windows ALPC
  • Windows Common Log File System Driver
  • Windows Cryptographic Services
  • Windows Distributed File System (DFS)
  • Windows Fax and Scan Service
  • Windows HTTP.sys
  • Windows Installer
  • Windows iSCSI
  • Windows Kerberos
  • Windows MSHTML Platform
  • Windows ODBC Driver
  • Windows Protected EAP (PEAP)
  • Windows SChannel
  • Windows Win32K

Out of the 75 reported vulnerabilities, nine are deemed Critical and 66 are ranked as Important in severity. Moreover, 37 of the bugs are classified as Remote Code Execution (RCE) flaws. Of particular note are the three zero-days that have been exploited, including:

CVE-2023-21715 with a CVSS Score of 7.3

This is a Microsoft Office Security Feature Bypass Vulnerability. A vulnerable system can be exploited if a local, authenticated user downloads and opens a file created by an attacker.

CVE-2023-21823 with a CVSS Score of 7.8

This is a Windows Graphics Component Elevation of Privilege Vulnerability. The vulnerability could enable a malicious actor to remotely execute code and gain complete control of an affected system.

CVE-2023-23376 with a CVSS Score of 7.8

This is a Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability. This flaw could allow threat actors to achieve SYSTEM privileges on a target host. According to Trend Micro, if chained with an RCE flaw, this vulnerability could be weaponized by APT actors in ransomware and malware distribution attacks.




Other notable vulnerabilities that have been addressed include CVE-2023-21716 and several RCE flaws in the Exchange Server.

Trend Micro, for example, emphasizes the importance of quickly patching CVE-2023-21716, the critical RCE in Microsoft Word that can be exploited without any user interaction, simply by opening the Preview Pane. Microsoft has stated that an attacker could potentially send a malicious email containing an RTF payload, which would allow them to gain access and, essentially, execute commands within the application.
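
One way to triage stored mail for the delivery vector described above, as an added example that is not part of the original article: it flags MIME parts whose decoded content starts with the RTF signature `{\rtf` or whose declared type is RTF, whatever the attachment is named. The function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

RTF_MAGIC = b"{\\rtf"                      # every RTF document starts with this
RTF_TYPES = {"application/rtf", "text/rtf"}


def find_rtf_parts(raw_message: bytes):
    """Return (filename, declared_type) for each MIME part that is RTF."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue                        # containers carry no content themselves
        data = part.get_payload(decode=True) or b""
        # Tolerate a UTF-8 BOM or leading whitespace before the signature.
        head = data[:64].lstrip(b"\xef\xbb\xbf \t\r\n")
        declared = part.get_content_type()
        if head.startswith(RTF_MAGIC) or declared in RTF_TYPES:
            hits.append((part.get_filename() or "<inline>", declared))
    return hits


def build_sample() -> bytes:
    """Constructed test message: RTF bytes hidden behind a .doc name and type."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(b"{\\rtf1\\ansi constructed sample}",
                       maintype="application", subtype="msword",
                       filename="invoice.doc")
    msg.add_attachment(b"%PDF-1.4 constructed sample",
                       maintype="application", subtype="pdf",
                       filename="report.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, ctype in find_rtf_parts(build_sample()):
        print(f"RTF content in part {name!r} (declared {ctype})")
```

Checking the decoded bytes rather than the extension matters because Word selects its RTF parser from the file content, so a renamed attachment still reaches it.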

Lastly, several RCE vulnerabilities in Microsoft Exchange Server require the attacker to be authenticated before exploitation, so admins should prioritize those patches as well.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
