Security researcher Joshua Drake reached out to Microsoft last year with a technical advisory POC showing that there was a vulnerability in Microsoft Office’s wwlib.dll. The vulnerability is tracked as CVE-2023-21716 and was labeled as critical with a score of 9.8 our of 10. Since Microsoft addressed these issues in their February Patch Tuesday, the researcher has now released their POC in the wild. A remote attacker could potentially take advantage of the issue to execute code with the same privileges as the victim that opens a malicious .RTF document. To take it one step further, the document does not have to be fully opened, and an attack could start if the victim does as little as preview the document in their OutLook email client.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security