Vulnerability notification: CVE-2023-21716 Microsoft Word Remote Code Execution Vulnerability

This notice provides details on a critical vulnerability associated with Microsoft Word .rtf (Rich Text Format) format.

CVSSv3: 9.8

Microsoft warns of a critical memory corruption vulnerability that may be triggered when receiving a Word document which contains a font table that contains an excessive number of fonts. This is a simple code line which may be embedded in a Word document and emailed to a user. The vulnerability does NOT require the user to open the document to exploit, rather the exploitation can be triggered when the document is loaded into the Preview Pane. An attacker may leverage this vulnerability to execute arbitrary code at the permission level of the victim user.


Microsoft released a fix in the Microsoft Office patch that was pushed in the last Patch Tuesday on 2/14/23.

There are optional mitigations noted in the below Microsoft article if an organization has a Microsoft Word deployment that cannot be patched.

Critical Insight recommends that organizations ensure that users apply this patch as soon as possible. This exploit has not yet been seen in the wild, however threat actors are known to take advantage of exploits that can be used to target employees in order to gain a foothold and launch more widespread and damaging attacks.

Additional information: