cbcvebase.
CVE-2023-21715
published 2023-02-14

CVE-2023-21715: Microsoft Publisher Security Feature Bypass Vulnerability

PriorityP279high7.3CVSS 3.1
AVLACLPRLUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2023-03-07
Exploited in the wild
EPSS
12.11%
95.6th percentile
Microsoft Publisher Security Feature Bypass Vulnerability

Affected

3 ranges
VendorProductVersion rangeFixed in
microsoftmicrosoft_365_apps_for_enterprise>= 16.0.1 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
msrcmicrosoft_365_apps_for_enterprise_for_32-bit_systems
msrcmicrosoft_365_apps_for_enterprise_for_64-bit_systems

Detection & IOCsextracted from sources · hover to see the quote

  • Monitor for social-engineering-based delivery: attacker convinces victim to download and open a specially crafted .pub file from a website, bypassing Office macro policies used to block untrusted or malicious files
  • Alert on macro execution within Microsoft Publisher (MSPUB.EXE) for files originating from external/internet sources (MotW-tagged files), as the vulnerability bypasses Office macro policies used to block untrusted or malicious files
  • Talos released new Snort rules to detect exploitation attempts related to the February 2023 Patch Tuesday zero-days including CVE-2023-21715; update Snort SRU/rule packs accordingly
  • ·The vulnerability requires local, authenticated access with user interaction (social engineering); it is not remotely exploitable without the victim downloading and opening the crafted file

CVSS provenance

nvdv3.17.3HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
vulncheck7.3HIGH
cisa7.3HIGH
vendor_msrc7.3HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.