CVE-2023-21716 Report - Details, Severity, Advisories and More

Twingate Team

Dec 29, 2023

CVE-2023-21716 is a critical vulnerability affecting Microsoft Word and various versions of Microsoft Office and SharePoint. With a severity rating of 9.8, this remote code execution vulnerability poses a significant risk to systems running the affected software. Although specific systems are not listed, it's important to be aware of this vulnerability and take necessary precautions to protect your data and devices.

How do I know if I'm affected?

To determine if you're affected by this vulnerability, check if you're using any of the following software:

  • Microsoft Office 2019
  • Microsoft Word 2013 Service Pack 1
  • Microsoft Word 2013 RT Service Pack 1
  • Microsoft Word 2016
  • Microsoft Office 2019 for Mac
  • Microsoft Office Online Server
  • Microsoft Office LTSC 2021
  • Microsoft Office LTSC for Mac 2021
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Enterprise Server 2013 Service Pack 1
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft 365 Apps for Enterprise
  • Microsoft SharePoint Foundation 2013 Service Pack 1
  • Microsoft SharePoint Server Subscription Edition Language Pack
  • Microsoft SharePoint Server Subscription Edition
  • Microsoft Office Web Apps Server 2013 Service Pack 1

If you're using any of these versions, you may be at risk.

What should I do if I'm affected?

If you're affected by this vulnerability, it's crucial to take action. First, read email messages in plain text format. Next, use Microsoft Outlook to reduce the risk of opening RTF files from unknown sources. Configure Microsoft Office File Block policy to prevent opening RTF documents from untrusted sources. Install the recommended security updates for your affected software.
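
One way to confirm that the File Block setting for RTF is actually in place on a Windows workstation, as an added example that is not from the original report or from Microsoft: a read-only PowerShell audit. The registry layout, the value names `RtfFiles` and `OpenInProtectedView`, and the target values 2 and 0 are assumptions taken from Microsoft's File Block guidance and should be checked against the Security Update Guide; the function name `Get-WordRtfFileBlock` is hypothetical.

```powershell
# Added example: read-only audit of Word's File Block setting for RTF files.
# Assumptions: key layout and value names follow Microsoft's File Block
# registry settings; 16.0 covers Word 2016 and later, 15.0 covers Word 2013.
# RtfFiles = 2 applies the open policy to RTF; OpenInProtectedView = 0 means
# blocked files are not opened at all.

function Get-WordRtfFileBlock {
    param(
        [string[]]$OfficeVersions = @('16.0', '15.0')
    )

    $roots = @(
        'HKCU:\Software\Policies\Microsoft\Office',  # Group Policy managed
        'HKCU:\Software\Microsoft\Office'            # per-user (Trust Center)
    )

    foreach ($ver in $OfficeVersions) {
        foreach ($root in $roots) {
            $key   = Join-Path $root "$ver\Word\Security\FileBlock"
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

            # A missing key or value stays $null and is reported as not matching.
            $rtf = $null
            $opv = $null
            if ($props) {
                if ($props.PSObject.Properties['RtfFiles']) {
                    $rtf = $props.RtfFiles
                }
                if ($props.PSObject.Properties['OpenInProtectedView']) {
                    $opv = $props.OpenInProtectedView
                }
            }

            [pscustomobject]@{
                Key                 = $key
                RtfFiles            = $rtf
                OpenInProtectedView = $opv
                MatchesBlockSetting = ($rtf -eq 2 -and $opv -eq 0)
            }
        }
    }
}

# Report every location checked, including those with no setting present.
Get-WordRtfFileBlock | Format-Table -AutoSize
```

The script only reads the current user's hive, so run it in the context of the user whose Word profile is being checked. A row with no values set means Word falls back to its default handling for that location.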

Where can I go to learn more?

For more information and resources on the CVE-2023-21716 vulnerability, refer to the following:

  • Microsoft Security Update Guide - Provides details on the vulnerability, its impact, CVSS score, exploitability assessment, workarounds, and security updates.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

This vulnerability, also known as the Microsoft Word Remote Code Execution Vulnerability, is not mentioned in CISA's Known Exploited Vulnerabilities Catalog. Information about the vulnerability's date added, due date, and required action is not available. In simple terms, this critical vulnerability affects Microsoft Word and various versions of Microsoft Office and SharePoint, and it's important to take necessary precautions to protect your data and devices.

Weakness enumeration

The weakness enumeration for this vulnerability is "Insufficient Information", indicating a lack of specific details about the vulnerability and its mitigation.

For more details

CVE-2023-21716 is a critical vulnerability with potential for remote code execution in Microsoft Word and various Office and SharePoint versions. For a comprehensive understanding of its description, severity, technical details, and affected software configurations, refer to the NVD page.
