Subj : This malicious Word doc doesn't even have to be opened to infect To : All From : TechnologyDaily Date : Tue Mar 07 2023 13:15:03 This malicious Word doc doesn't even have to be opened to infect your PC Date: Tue, 07 Mar 2023 13:00:33 +0000 Description: Previewing the file is enough to have the threat actor run code remotely. FULL STORY ====================================================================== Last week, cybersecurity researcher Joshua Drake published a proof-of-concept for a vulnerability in Microsoft Word, detailing a way for threat actors to deliver malware without users ever needing to open a file. The vulnerability is tracked as CVE-2023-21716. Its been given a 9.8 severity score and deemed critical, as it allows for remote code execution. BleepingComputer reported that Microsoft fixed it in the February Patch Tuesday cumulative update. No evidence of abuse Those that do not apply the patch risk having their endpoints compromised merely by loading a malicious .RTF document in the preview pane. As per Drake's report, the RTF parser in Microsoft Word carries a heap corruption flaw that can be activated when dealing with a font table containing an excessive number of fonts. Whats more, the vulnerability is relatively easy to write, as its entire code can fit in a single tweet. On the other hand, Microsoft reassured users that threat actors actually abusing the flaw is less likely, adding that there is no evidence this has happened in the wild. Truth be told, we cant say for certain if Drakes PoC can be weaponized or not, as they only showed the exploitation in theory. Read more > This major new security flaw affects all versions of Windows - here's what you need to know > These popular VPN routers are being hacked to spread malware > These are the best endpoint protection tools For those not interested in risking anything, the best way to stay protected is to apply Microsofts cumulative update published in the February Patch Tuesday. Those that cant apply the fix for whatever reason should either read emails in plain text format, or enable the Microsoft Office File Block policy, which bans Office apps from opening RTF documents originating from untrusted sources. The latter requires a bit more skill, though, as the Windows Registry needs to be tweaked. Furthermore, if you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system, Microsoft cautions. Also, if you dont set up an exempt directory, you might not be able to open any RTF document anymore. Check out the best firewalls Via: BleepingComputer ====================================================================== Link to news story: https://www.techradar.com/news/this-malicious-word-doc-doesnt-even-have-to-be- opened-to-infect-your-pc --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .