{"id":144012,"date":"2023-03-09T09:38:07","date_gmt":"2023-03-09T14:38:07","guid":{"rendered":"http:\/\/www.bu.edu\/tech\/?p=144012"},"modified":"2023-03-09T09:40:11","modified_gmt":"2023-03-09T14:40:11","slug":"144012","status":"publish","type":"post","link":"https:\/\/www.bu.edu\/tech\/2023\/03\/09\/144012\/","title":{"rendered":"Microsoft security patch for Word, SharePoint, Office 365, and Office for Mac"},"content":{"rendered":"

In February, Microsoft released a patch for a critical vulnerability in Word, SharePoint, Office 365, and Office for Mac that could allow remote code execution. As such, we are issuing this advisory to call this to your attention and asking you to update your devices now.<\/p>\n

IMPACT<\/strong>
\nThe vulnerability CVE-2023-21716 is of low complexity and could be exploited by sending an email with a rich text format (RTF) payload that, when opened or viewed in Outlook\u2019s \u201cPreview Pane\u201d, leads to command execution. A proof-of-concept for this vulnerability was released last weekend and could be a sign of upcoming malware campaigns.
\nVERSIONS AFFECTED
\n\u00b7 Microsoft Office 2019 for 32-bit editions
\n\u00b7 Microsoft Office 2019 for 64-bit editions
\n\u00b7 Microsoft Word 2013 Service Pack 1 (64-bit editions)
\n\u00b7 Microsoft Word 2013 RT Service Pack 1
\n\u00b7 Microsoft Word 2013 Service Pack 1 (32-bit editions)
\n\u00b7 Microsoft SharePoint Foundation 2013 Service Pack 1
\n\u00b7 Microsoft SharePoint Foundation 2013 Service Pack 1
\n\u00b7 Microsoft Office Web Apps Server 2013 Service Pack 1
\n\u00b7 Microsoft Word 2016 (32-bit edition)
\n\u00b7 Microsoft Word 2016 (64-bit edition)
\n\u00b7 Microsoft SharePoint Server 2019
\n\u00b7 Microsoft SharePoint Server 2019
\n\u00b7 Microsoft SharePoint Enterprise Server 2013 Service Pack 1
\n\u00b7 Microsoft SharePoint Enterprise Server 2013 Service Pack 1
\n\u00b7 Microsoft SharePoint Enterprise Server 2013 Service Pack 1
\n\u00b7 Microsoft SharePoint Enterprise Server 2016
\n\u00b7 Microsoft 365 Apps for Enterprise for 64-bit Systems
\n\u00b7 Microsoft Office 2019 for Mac
\n\u00b7 Microsoft Office Online Server
\n\u00b7 SharePoint Server Subscription Edition Language Pack
\n\u00b7 Microsoft 365 Apps for Enterprise for 32-bit Systems
\n\u00b7 Microsoft Office LTSC 2021 for 64-bit editions
\n\u00b7 Microsoft SharePoint Server Subscription Edition
\n\u00b7 Microsoft SharePoint Server Subscription Edition
\n\u00b7 Microsoft Office LTSC 2021 for 32-bit editions
\n\u00b7 Microsoft Office LTSC for Mac 2021<\/p>\n

RECOMMENDATIONS<\/strong>
\nApply the appropriate KB from https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21716. If patching is not possible, MS recommends reading emails in plain text format or using the Office File Block policy to prevent RTF documents. Instructions on how to enable both options can be found in the link above and in the references section below.<\/p>\n

If you are running an older no longer supported version of Microsoft software (see: https:\/\/learn.microsoft.com\/en-us\/deployoffice\/endofsupport\/resources), you may be eligible for a free upgrade. See https:\/\/www.bu.edu\/tech\/services\/cccs\/desktop\/distribution\/microsoft\/<\/p>\n

REFERENCES<\/strong><\/p>\n

[1] https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21716 <\/a>
\n[2] https:\/\/www.cyberkendra.com\/2023\/03\/researchers-released-ms-office-zero-day.html<\/a>
\n[3] https:\/\/www.bleepingcomputer.com\/news\/security\/proof-of-concept-released-for-critical-microsoft-word-rce-bug\/<\/a>
\n[4] https:\/\/support.microsoft.com\/en-us\/office\/change-the-message-format-to-html-rich-text-format-or-plain-text-338a389d-11da-47fe-b693-cf41f792fefa?ui=en-us&rs=en-us&ad=us<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

In February, Microsoft released a patch for a critical vulnerability in Word, SharePoint, Office 365, and Office for Mac that could allow remote code execution. As such, we are issuing this advisory to call this to your attention and asking you to update your devices now. IMPACT The vulnerability CVE-2023-21716 is of low complexity and…<\/p>\n","protected":false},"author":4352,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[795,17001],"tags":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/posts\/144012"}],"collection":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/users\/4352"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/comments?post=144012"}],"version-history":[{"count":3,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/posts\/144012\/revisions"}],"predecessor-version":[{"id":144015,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/posts\/144012\/revisions\/144015"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/media?parent=144012"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/categories?post=144012"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/tags?post=144012"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}