A critical vulnerability in Microsoft Word, CVE-2023-21716, has been assigned a 9.8 out of 10 severity score and was addressed in the February Patch Tuesday security updates. The vulnerability allows remote code execution and requires no user interaction to exploit. Security researcher Joshua Drake discovered the vulnerability in Microsoft Office’s “wwlib.dll” and sent Microsoft a technical advisory containing proof-of-concept (PoC) code showing the issue is exploitable.
The vulnerability is triggered “when dealing with a font table (*fonttbl*) containing an excessive number of fonts (*f###*)” and can be exploited with “a properly crafted heap layout.” Drake managed to fit the PoC in a tweet. There is no indication that the vulnerability is being exploited in the wild. As workarounds, Microsoft recommends reading emails in plain text format or enabling the Microsoft Office File Block policy. The File Block workaround involves editing the Windows Registry, and as Microsoft warns, “if you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system.”
“A full list of the Microsoft Office products impacted by the vulnerability is available in the vendor’s advisory for CVE-2023-21716,” said Drake. “Installing the security update from Microsoft remains the safest way to deal with the vulnerability.”
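A defender-side triage check for the font-table condition quoted above, as an added example that is not from the article, Drake's advisory or Microsoft: it counts the font entries in an RTF file's `\fonttbl` group and flags tables above a cutoff. `MAX_FONTS`, the function names and the sample document are assumptions made for this example.

```python
import re

# Assumed triage cutoff: the advisory text quoted above says only "an excessive
# number of fonts", so this number is a tunable assumption, not a vendor value.
MAX_FONTS = 1000

FONTTBL_OPEN = re.compile(rb"\{\s*\\fonttbl(?![a-z])")
# \f<N> font-number control word; \fcharset0, \fprq2 etc. do not match.
FONT_NUM = re.compile(rb"(?<!\\)\\f(\d+)")

def font_table(data: bytes):
    """Return the brace-matched {\\fonttbl ...} group, or None if absent."""
    m = FONTTBL_OPEN.search(data)
    if m is None:
        return None
    depth, i = 0, m.start()
    while i < len(data):
        ch = data[i:i + 1]
        if ch == b"\\":
            i += 2          # skip \{ \} \\ so escaped braces are not counted
            continue
        if ch == b"{":
            depth += 1
        elif ch == b"}":
            depth -= 1
            if depth == 0:
                return data[m.start():i + 1]
        i += 1
    return data[m.start():]  # unterminated group: inspect what is there

def scan_rtf(data: bytes, max_fonts: int = MAX_FONTS) -> dict:
    """Count font entries in an RTF font table and flag an oversized one."""
    if not data.lstrip().startswith(b"{\\rt"):
        return {"rtf": False, "fonts": 0, "highest_id": None, "suspicious": False}
    table = font_table(data) or b""
    ids = [int(n) for n in FONT_NUM.findall(table)]
    return {"rtf": True, "fonts": len(ids),
            "highest_id": max(ids, default=None),
            "suspicious": len(ids) > max_fonts}

# Constructed benign sample: three fonts, one name containing an escaped brace.
SAMPLE = (rb"{\rtf1\ansi\deff0{\fonttbl{\f0\froman\fcharset0 Times New Roman;}"
          rb"{\f1\fswiss\fprq2 Arial;}{\f2\fnil Odd\}Name;}}"
          rb"{\colortbl;\red0\green0\blue0;}\f1\fs24 Body text\par}")

if __name__ == "__main__":
    print(scan_rtf(SAMPLE))                 # default cutoff
    print(scan_rtf(SAMPLE, max_fonts=2))    # lowered cutoff to show the flag
```

The check inspects content rather than the file extension, so it also applies to RTF data saved under another name such as `.doc`. It is a triage aid for mail gateways or file shares and does not replace installing the security update.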