Keep an eye on CVE-2023-21716, aka the MS Word vulnerability from February 2023 in RTF files.

There's a public proof of concept: https://qoop.org/publications/cve-2023-21716-rtf-fonttbl.md

Where it gets more interesting - you can embed RTF files in email, and Microsoft Outlook renders them with no clicks, just by reading the email. There's a decent chance this could become a problematic combination... although not yet, as the PoC is vague enough to require a clue to exploit. HT @fellows

#CVE202321716

Good luck anybody enabling this mitigation in a corporate environment, lmao.

I've been keeping an eye on #CVE202321716 (the MS Word RTF vuln) via #GossiMonitoring

The headline is, people are starting to experiment with it.

@GossiTheDog If you had to guess, how long before this becomes a problem for anyone who didn’t apply February’s Office updates?