0patch Micropatches for Microsoft Office security feature bypass (CVE-2023-33150)

ACROS Security released a micropatch on Oct. 24, 2023, to address a Microsoft Office security feature bypass vulnerability (CVE-2023-33150) in Office 2010 and Office 2013, versions that are no longer supported by Microsoft.

In July 2023, Microsoft released a patch for CVE-2023-33150, a vulnerability in Microsoft Office that allows an attacker to craft a malicious Word document that Word opens outside Protected View even though the file carries the Mark-of-the-Web ("MotW"). The first public notice of this vulnerability came from security researcher Eduardo B. Prado, who noted that appending a space to the end of a Word document's file extension prevents Word from opening the document in Protected View.
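The practical detection question this raises for mail gateways, EDR exports and incident triage is: which files carry a MotW (the Zone.Identifier alternate data stream) *and* have an Office extension followed by trailing spaces, so that Protected View would be expected but, on an unpatched Word, is skipped. The following Python script is an added example for this post and is not code from ACROS Security, 0patch, Microsoft or the researcher; the file names and Zone.Identifier contents are constructed samples, and the treatment of zones 3 (Internet) and 4 (Restricted) as the MotW zones that trigger Protected View reflects standard Office behaviour rather than anything stated in this post.

```python
"""Triage helper: flag Office files that carry a Mark-of-the-Web and whose
extension is followed by trailing spaces (the CVE-2023-33150 pattern).

Added example; not code from the original post or from 0patch/Microsoft.
"""
import re

# Office document types that open in Protected View when the file carries a
# Mark-of-the-Web (Zone.Identifier with ZoneId 3 or 4).
OFFICE_EXTENSIONS = {
    ".doc", ".docx", ".docm", ".dot", ".dotx", ".dotm", ".rtf",
    ".xls", ".xlsx", ".xlsm", ".ppt", ".pptx", ".pptm",
}
MOTW_ZONES = {3, 4}  # URLZONE_INTERNET, URLZONE_UNTRUSTED


def read_zone_stream(path):
    """Read the Zone.Identifier ADS of a file on NTFS (Windows only).

    Returns the stream text, or None if the file has no such stream or the
    platform does not expose alternate data streams."""
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None


def parse_zone_identifier(stream_text):
    """Parse the text of a Zone.Identifier stream.

    Returns the key/value pairs of the [ZoneTransfer] section, with ZoneId
    converted to int; an empty dict if the stream is absent or malformed."""
    if stream_text is None:
        return {}
    result = {}
    in_section = False
    for line in stream_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[zonetransfer]"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            result[key.strip()] = value.strip()
    if "ZoneId" in result:
        try:
            result["ZoneId"] = int(result["ZoneId"])
        except ValueError:
            del result["ZoneId"]
    return result


def split_filename(filename):
    """Split a file name into (stem, lower-cased extension, trailing spaces).

    'invoice.docx  ' -> ('invoice', '.docx', '  ')
    'report.tar.gz'  -> ('report.tar', '.gz', '')"""
    m = re.match(r"^(.*?)(\.[A-Za-z0-9]+)?( *)$", filename)
    stem, ext, trailing = m.group(1), m.group(2) or "", m.group(3)
    return stem, ext.lower(), trailing


def assess(filename, zone_stream_text):
    """Return a verdict dict for one file.

    Verdicts:
      'no-motw'        : no Zone.Identifier, or a local/intranet/trusted zone
      'not-office'     : MotW present but not an Office document type
      'protected-view' : MotW present, clean extension, Protected View expected
      'bypass-pattern' : MotW present, Office extension followed by space(s)"""
    zone = parse_zone_identifier(zone_stream_text)
    _stem, ext, trailing = split_filename(filename)
    verdict = {
        "filename": filename,
        "zone_id": zone.get("ZoneId"),
        "extension": ext,
        "trailing_spaces": len(trailing),
        "referrer": zone.get("ReferrerUrl"),
    }
    if zone.get("ZoneId") not in MOTW_ZONES:
        verdict["verdict"] = "no-motw"
    elif ext not in OFFICE_EXTENSIONS:
        verdict["verdict"] = "not-office"
    elif trailing:
        verdict["verdict"] = "bypass-pattern"
    else:
        verdict["verdict"] = "protected-view"
    return verdict


# Constructed samples (not real files): file name plus the text of its
# Zone.Identifier stream as a gateway or EDR export might present them.
SAMPLES = [
    ("quarterly-report.docx",
     "[ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=https://example.invalid/\r\n"
     "HostUrl=https://example.invalid/quarterly-report.docx\r\n"),
    ("invoice.docx ", "[ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=https://example.invalid/\r\n"),
    ("notes.docx ", None),                           # trailing space but no MotW
    ("archive.zip", "[ZoneTransfer]\r\nZoneId=3\r\n"),
]


def triage(samples=SAMPLES):
    """Return the names of all samples that match the bypass pattern."""
    return [name for name, zone in samples if assess(name, zone)["verdict"] == "bypass-pattern"]


if __name__ == "__main__":
    for name, zone in SAMPLES:
        print(assess(name, zone))
    print("flagged:", triage())
```

On Windows the same `assess()` can be run over a directory by pairing each path with `read_zone_stream(path)`; note that a trailing space survives in a file name only when it was created with a `\\?\`-prefixed path or extracted by a tool that does not normalise names, so `os.listdir` output is a fair source for the check.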

(Embedded tweet from Mitja Kolsek on CVE-2023-33150)

Mitja Kolsek from ACROS Security points out in the above tweet and in this blog post that Office 2010 and Office 2013 users did not receive a patch from Microsoft for this issue, as those versions are out of support. ACROS Security has therefore created its own micropatches for these versions that address CVE-2023-33150. For all PRO and Enterprise users, these patches were applied automatically by the 0patch agent, without the need to restart Word. In the blog post Kolsek also describes a second vulnerability that has been fixed.
