The vulnerability has been patched since February, but according to Bkav's statistics, nearly 4 million Vietnamese computers are still at risk of being attacked by viruses because they have not been patched. Bkav has released a free tool that scans for the vulnerability, along with update instructions.
The vulnerability (identifier CVE-2023-21716) has a near-maximum severity score (9.8/10) and allows remote code execution on the target device. By exploiting it, hackers can run large-scale virus infection campaigns, taking control of devices remotely, collecting and encrypting data, and downloading and executing other viruses.
Mr. Nguyen Tien Dat, General Director of Bkav's Malware Research Center, said: "Vulnerabilities of this type are always attractive to hackers because they exist on popular text files. Meanwhile, with devices that do not have automatic updates enabled, updating the patch is not simple; not everyone can do it."
Bkav has released a free tool to help users quickly check their computers for the vulnerability and to provide instructions for updating patches. No installation is needed; users can launch it to scan at: Bkav.com.vn/Tool/CVE-2023-21716Scan.
Computers using Bkav Pro do not need to run this tool because Bkav Pro has automatic scanning and warning features.
Instructions for scanning for and patching the CVE-2023-21716 vulnerability:
Step 1: Run the tool and click Test.
Step 2: The tool will report whether or not the computer has the vulnerability.
If so, patch the vulnerability in one of two ways:
Method 1: Install the patch through Windows Update: go to Windows Update in Settings, then find and install the patch.
Method 2: Manually download the patch by clicking OK in the tool's scan result message, which opens the official patch download page from Microsoft.
Step 3: Check which version of Microsoft Office you are using by opening any Office application, for example Word or Excel, and selecting Account >> About Word. Here, the version information is displayed as shown below:
Step 4: On the website that opens in Step 2, find the Security Updates section. Select the patch that corresponds to the Microsoft Office version found in Step 3 and download it.
Step 5: Run the downloaded patch to fix the vulnerability.