CVE-2023-21715
published 2023-02-14
CVE-2023-21715: Microsoft Publisher Security Feature Bypass Vulnerability
Priority: P279 · high · 7.3 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:R / S:U / C:H / I:H / A:H
KEV · ITW
CISA Known Exploited Vulnerability, due 2023-03-07
Exploited in the wild
EPSS: 12.11% (95.6th percentile)
Microsoft Publisher Security Feature Bypass Vulnerability
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_365_apps_for_enterprise | >= 16.0.1 < https://aka.ms/OfficeSecurityReleases | https://aka.ms/OfficeSecurityReleases |
| msrc | microsoft_365_apps_for_enterprise_for_32-bit_systems | — | — |
| msrc | microsoft_365_apps_for_enterprise_for_64-bit_systems | — | — |
Detection & IOCs
- Monitor for social-engineering-based delivery: attacker convinces victim to download and open a specially crafted .pub file from a website, bypassing Office macro policies used to block untrusted or malicious files
- Alert on macro execution within Microsoft Publisher (MSPUB.EXE) for files originating from external/internet sources (MotW-tagged files), as the vulnerability bypasses Office macro policies used to block untrusted or malicious files
- Talos released new Snort rules to detect exploitation attempts related to the February 2023 Patch Tuesday zero-days including CVE-2023-21715; update Snort SRU/rule packs accordingly
- The vulnerability requires local, authenticated access with user interaction (social engineering); it is not remotely exploitable without the victim downloading and opening the crafted file
CVSS provenance
nvd · v3.1 · 7.3 HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
vulncheck · 7.3 HIGH
cisa · 7.3 HIGH
vendor_msrc · 7.3 HIGH
GHSA
GHSA-9gf3-6wpf-hgpx: Microsoft Publisher Security Features Bypass Vulnerability
ghsa_unreviewed·2023-02-14
CVE-2023-21715 [HIGH] CWE-863 GHSA-9gf3-6wpf-hgpx: Microsoft Publisher Security Features Bypass Vulnerability
Microsoft Publisher Security Features Bypass Vulnerability
VulnCheck
Microsoft Office Publisher Security Feature Bypass Vulnerability
vulncheck·2023·CVSS 7.3
CVE-2023-21715 [HIGH] CWE-863 Microsoft Office Publisher Security Feature Bypass Vulnerability
Microsoft Office Publisher Security Feature Bypass Vulnerability
Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system.
Affected: Microsoft Office
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2023-Feb; https://www.microsoft.com/en-us/security/blog/2023/09/12/malware-distributor-storm-0324-facilitates-ransomware-access/; https://www.trellix.com/en-us/about/newsroom/stories/research/storm-0324-an-access-for-the-raas-threat-actor.html; https://ti.qianxin.com/uploads/2024/02/02/dcc93e586f9028c68e7ab34c3326ff31.pdf
Remediation Due: 2023-0
CISA
Microsoft Office Publisher Security Feature Bypass Vulnerability
cisa·2023-02-14·CVSS 7.3
CVE-2023-21715 [HIGH] CWE-863 Microsoft Office Publisher Security Feature Bypass Vulnerability
Vulnerability: Microsoft Office Publisher Security Feature Bypass Vulnerability
Affected: Microsoft Office
Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system.
Required Action: Apply updates per vendor instructions.
Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21715; https://nvd.nist.gov/vuln/detail/CVE-2023-21715
Remediation Due Date: 2023-03-07
Microsoft
Microsoft Publisher Security Feature Bypass Vulnerability
vendor_msrc·2023-02-14·CVSS 7.3
CVE-2023-21715 [HIGH] Microsoft Publisher Security Feature Bypass Vulnerability
Microsoft Publisher Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, the attack vector is local (AV:L), privileges are required (PR:L) and user interaction is required (UI:R). How could an attacker exploit this security feature bypass vulnerability?
The attack itself is carried out locally by a user with authentication to the targeted system. An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer.
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for th
No detection rules found.
No public exploits indexed.
Checkpoint
The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors
blogs_checkpoint·2023-12-04
CVE-2023-21715 The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors
## The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors
Research by: Haifei Li, Check Point Research
## Introduction
Outlook, the desktop app in t
Checkpoint
20th February – Threat Intelligence Report
blogs_checkpoint·2023-02-20
CVE-2023-21823 20th February – Threat Intelligence Report
## 20th February – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 20th February, please download our Threat_Intelligence Bulletin
TOP ATTACKS AND BREACHES
Check Point Research identified a campaign against entities in Armenia, using a new version of OxtaRAT – an AutoIt-based backdoor for remote access and desktop surveillance. The threat actors have been targeting human rights organizations, dissidents, and independent media in Azerbaijan for several years, amid rising tens
Talos
Threat Source newsletter (Feb. 16, 2023) — Recapping what we may have missed so far this year
blogs_talos·2023-02-16
Threat Source newsletter (Feb. 16, 2023) — Recapping what we may have missed so far this year
Welcome to this week’s edition of the Threat Source newsletter.
I am back after more than three months away from Talos on parental leave. Having a baby really resets your expectations for “keeping up” with the world. From November through mid-January or so I had no idea what was going on with the outside world, I only cared about my daughter’s feeding schedule and tried to squeeze in 30-minute naps where I could.
I’ve slowly started to re-introduce myself to social media and the news world at large over the past few weeks so my return to work wasn’t so abrupt, and I missed quite a bit. There was a stretch there where I was only getting the latest headlines from Weekend Update on “Saturday Night Live.”
My teammates Madison Burns and Bill Largent did a fantastic job filling in for me on t
Qualys
The February 2023 Patch Tuesday Security Update Review
blogs_qualys·2023-02-15
The February 2023 Patch Tuesday Security Update Review
Microsoft and Adobe have released several monthly security fixes and updates for their products. Let’s take a look at the highlights of this month’s Patch Tuesday as we review and discuss the security updates.
## Microsoft Patches for February 2023
Microsoft has patched 79 vulnerabilities this month, in
Talos
Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities
blogs_talos·2023-02-14·CVSS 9.8
CVE-2023-21823 [CRITICAL] Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities
Microsoft released its monthly security update on Tuesday, disclosing 73 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical”, 64 are classified as “Important”, one vulnerability is classified as “Moderate.”
According to Microsoft, none of the vulnerabilities has been publicly disclosed before Patch Tuesday and only three vulnerabilities were seen in the wild. The most serious one is CVE-2023-21823, a Windows Graphics Component Remote Code Execution Vulnerability, followed by CVE-2023-21715, a Microsoft Publisher Security Features Bypass Vulnerability, which we are describing below, and CVE-2023-23376, a local Windows Common Log File System Driver Elevation of Privilege Vulnerability.
Three of the most “Critical“ vulnerabilities, which Microsoft considers to be “more likel
Tenable
Microsoft’s February 2023 Patch Tuesday Addresses 75 CVEs (CVE-2023-23376)
blogs_tenable·2023-02-14·CVSS 7.8
[HIGH] Microsoft’s February 2023 Patch Tuesday Addresses 75 CVEs (CVE-2023-23376)
Krebs
Microsoft Patch Tuesday, February 2023 Edition
blogs_krebs·2023-02-14·CVSS 7.3
CVE-2023-23376 [HIGH] Microsoft Patch Tuesday, February 2023 Edition
Microsoft is sending the world a whole bunch of love today, in the form of patches to plug dozens of security holes in its Windows operating systems and other software. This year’s special Valentine’s Day Patch Tuesday includes fixes for a whopping three different “zero-day” vulnerabilities that are already being used in active attacks.
Microsoft’s security advisories are somewhat sparse with details about the zero-day bugs. Redmond flags CVE-2023-23376 as an “Important” elevation of privilege vulnerability in the Windows Common Log File System Driver, which is present in Windows 10 and 11 systems, as well as many server versions of Windows.
“Sadly, there’s just a little solid information about this privilege escalation,” said Dustin Childs, head of threat awareness at Trend Micro’s Zero
Crowdstrike
February 2023 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] February 2023 Patch Tuesday: Updates and Analysis
2023-02-14: Published
2023-02-14: Added to CISA KEV
Exploited in the wild