Final week, cybersecurity researcher Joshua Drake printed a proof-of-concept for a vulnerability in Microsoft Phrase, detailing a approach for menace actors to ship malware (opens in new tab) with out customers ever needing to open a file.

The vulnerability is tracked as CVE-2023-21716. It’s been given a 9.eight severity rating and deemed vital, because it permits for distant code execution.

BleepingComputer reported that Microsoft mounted it within the February Patch Tuesday cumulative replace.

No proof of abuse

These that don’t apply the patch threat having their endpoints compromised merely by loading a malicious .RTF doc within the preview pane. 

As per Drake’s report, the RTF parser in Microsoft Phrase carries a heap corruption flaw that may be activated “when coping with a font desk containing an extreme variety of fonts.” What’s extra, the vulnerability is comparatively straightforward to write down, as its whole code can slot in a single tweet. 

Alternatively, Microsoft reassured customers that menace actors really abusing the flaw is “much less doubtless”, including that there is no such thing as a proof this has occurred within the wild. Reality be instructed, we are able to’t say for sure if Drake’s PoC might be weaponized or not, as they solely confirmed the exploitation in idea. 

For these not enthusiastic about risking something, the easiest way to remain protected is to use Microsoft’s cumulative replace printed within the February Patch Tuesday. These that may’t apply the repair for no matter purpose ought to both learn emails in plain textual content format, or allow the Microsoft Workplace File Block coverage, which bans Workplace apps from opening RTF paperwork originating from untrusted sources. 

The latter requires a bit extra talent, although, because the Home windows Registry must be tweaked. Moreover, “in case you use Registry Editor incorrectly, it’s possible you’ll trigger critical issues which will require you to reinstall your working system,” Microsoft cautions. 

Additionally, in case you don’t arrange an “exempt listing”, you may not be capable to open any RTF doc anymore.

• Try the very best firewalls (opens in new tab)

By way of: BleepingComputer (opens in new tab)