A Microsoft Word Remote Code Execution Vulnerability
As businesses and individuals continue to rely on digital documents, new security challenges are constantly emerging. This week’s Cytidel Intelligence Insight relates to CVE-2023-21716, a new Microsoft Office Word vulnerability. This vulnerability allows attackers to execute arbitrary commands with the victim's privileges by exploiting a heap corruption vulnerability found in the RTF parser.
What is heap corruption?
A heap corruption vulnerability occurs when an attacker can manipulate a program's memory allocation process in a way that corrupts the heap, the region of memory used for dynamic memory allocation. This can cause the program to behave unpredictably and can allow the attacker to execute arbitrary code on the system. In this case, attackers craft a malicious RTF (Rich Text Format) file, a format commonly used for exchanging text between different word processors and text editors, and send it to unsuspecting victims. When the victim opens the file, the vulnerability in the RTF parser is triggered, and the attacker can then execute arbitrary commands on the victim's system, potentially compromising sensitive data or causing damage to critical systems and networks.
Why Should I Care?
This vulnerability has seen a rising exploit trend since we added it to the weekly watchlist we issue to customers last week, growing from 17.94% to 55.1%. It can be exploited by a low-privileged user, making it easier for attackers to gain unauthorized access to sensitive information, install malicious programs, and reach critical systems and networks.
What's particularly alarming about this vulnerability is that even just loading the malicious RTF document in the Preview Pane can be enough for exploitation. Victims do not have to open the payload to be affected.
What Can I Do?
Fortunately, Microsoft has released a patch to address this vulnerability in its February 14, 2023 Patch Tuesday updates. If you haven't already done so, make sure you update your Microsoft Office software to the latest version to protect against this and other potential vulnerabilities.
In addition to software updates, it's also essential to practice good cybersecurity hygiene to protect against these types of attacks. Avoid opening suspicious files or emails from unknown sources, and always be wary of unexpected attachments. Stay vigilant and report any suspicious activity to your IT or security team immediately.
Keep your organisation ahead of threats with Cytidel Threat Intelligence
To find out more about Cytidel’s threat intelligence offering, visit https://www.cytidel.com/threat-intelligence
Stay safe and secure!
The Cytidel Threat Intelligence Team