Every Word user should check whether their Word has already been updated by Microsoft. CVE-2023-21716 describes a critical vulnerability with a severity level of 9.8 out of 10 according to CVSS 3.1. Checking the version is quite simple.
Microsoft has published a Word vulnerability with a severity level of 9.8 out of 10 according to CVSS 3.1. This critical vulnerability allows malicious code to be injected when a manipulated Rich Text Format (.rtf) document is opened. Although Microsoft describes the danger of the vulnerability on its website, it does not provide any further information. That information can be found on the page qoop.org by Joshua J. Drake. He describes the problem there under the heading "Microsoft Word RTF Font Table Heap Corruption", but dated November 2022.
Microsoft patches are available
Microsoft usually patches Word through the regular Windows updates. However, this is sometimes only the case with retail versions. According to Microsoft, once the update is installed, the various Word versions show the following version numbers. The versions are also available on the Microsoft website for a manual update.
Current Channel: Version 2301 (Build 16026.20200)
Monthly Enterprise Channel: Version 2212 (Build 15928.20282)
Monthly Enterprise Channel: Version 2211 (Build 15831.20280)
Semi-Annual Enterprise Channel (Preview): Version 2208 (Build 15601.20538)
Semi-Annual Enterprise Channel: Version 2208 (Build 15601.20538)
Semi-Annual Enterprise Channel: Version 2202 (Build 14931.20926)
Semi-Annual Enterprise Channel: Version 2108 (Build 14326.21336)
Office 2021 Retail: Version 2301 (Build 16026.20200)
Office 2019 Retail: Version 2301 (Build 16026.20200)
Office 2016 Retail: Version 2301 (Build 16026.20200)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20461)
Office 2019 Volume Licensed: Version 1808 (Build 10395.20020)
A current Word from an Office 365 subscription has version 2301 (Build 16026.20200). The version can easily be read in Word under Account and About Word. A very recent Word should even show 2302 there. Anything below 2301, or below the appropriate version number for the enterprise channels, should be updated urgently.
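The check described above can be scripted for more than one machine. The following is an added example, not code from Microsoft or from the original article: it compares reported Word builds against the patched builds listed above, per build branch. The function names, host names and sample inventory are constructed for illustration, and treating branches newer than the listed ones as patched is an assumption.

```python
import re

# Patched builds copied from the list above: build branch -> minimum revision.
PATCHED = {
    16026: 20200,  # Version 2301: Current Channel, Office 2016/2019/2021 Retail
    15928: 20282,  # Version 2212: Monthly Enterprise Channel
    15831: 20280,  # Version 2211: Monthly Enterprise Channel
    15601: 20538,  # Version 2208: Semi-Annual Enterprise Channel (and Preview)
    14931: 20926,  # Version 2202: Semi-Annual Enterprise Channel
    14326: 21336,  # Version 2108: Semi-Annual Enterprise Channel
    14332: 20461,  # Version 2108: Office LTSC 2021 Volume Licensed
    10395: 20020,  # Version 1808: Office 2019 Volume Licensed
}

# Assumption: builds are written as five digits, a dot, five digits, as in the list.
BUILD_RE = re.compile(r"\b(\d{5})\.(\d{5})\b")


def check_build(text):
    """Classify a version string as 'patched', 'needs-update' or 'unknown'."""
    match = BUILD_RE.search(text)
    if match is None:
        return "unknown"
    branch, revision = int(match.group(1)), int(match.group(2))
    if branch in PATCHED:
        # Compare only within the same branch: 15928.20216 is numerically above
        # 15601.20538, yet it is below the patched 15928.20282.
        return "patched" if revision >= PATCHED[branch] else "needs-update"
    # Assumption: a branch newer than every listed one (e.g. Version 2302)
    # already contains the fix; an unlisted older branch needs an update.
    return "patched" if branch > max(PATCHED) else "needs-update"


def hosts_to_update(inventory):
    """Return host names whose Word build is not confirmed as patched."""
    return sorted(h for h, v in inventory.items() if check_build(v) != "patched")


# Constructed sample inventory (host names and builds are made up for the example).
SAMPLE = {
    "pc-01": "Version 2301 (Build 16026.20200)",
    "pc-02": "16.0.15928.20216",
    "pc-03": "Version 2208 (Build 15601.20538)",
    "pc-04": "Version 2301 (Build 16026.20146)",
    "pc-05": "not reported",
}

if __name__ == "__main__":
    for host in hosts_to_update(SAMPLE):
        print(host, SAMPLE[host], check_build(SAMPLE[host]))
```

Hosts whose version string cannot be parsed are reported as well, so that a missing inventory entry is not mistaken for a patched installation.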