CVE-2023-21716 - Critical Remote Code Execution in Microsoft Office, severity 9.8

There is a new critical CVE in Microsoft Word:
[https://nvd.nist.gov/vuln/detail/CVE-2023-21716](https://nvd.nist.gov/vuln/detail/CVE-2023-21716)

Microsoft advisory:
[https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716)


While it is technically a Microsoft Word vulnerability, it can be triggered by using Outlook Preview Pane. Impacts both Windows and Mac versions of Office.

We are working on the technical advisory right now (Bitdefender), but there is a high probability this will be weaponized quickly, so make sure you have everything patched. There are already a few different PoC exploits, the shortest one can even fit …

advisory bitdefender code code execution critical cve cve-2023-21716 cybersecurity high mac microsoft microsoft office microsoft word office outlook preview preview pane remote code remote code execution severity technical vulnerability windows word working