Feb 2023: Microsoft Publisher Security Feature Bypass Vulnerability
CVE-2023-21715 Published on February 14, 2023
Microsoft Publisher Security Feature Bypass Vulnerability
Known Exploited Vulnerability
This Microsoft Office Security Feature Bypass Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Office contains a security feature bypass vulnerability which allows for a local, authenticated attack on a targeted system.
The following remediation steps are recommended / required by March 7, 2023: Apply updates per vendor instructions.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2023-21715 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2023-21715
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-21715 are published in Microsoft 365 Apps:
Affected Versions
Microsoft 365 Apps for Enterprise: Version 16.0.1 and below is affected; see https://aka.ms/OfficeSecurityReleases.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.