PT-2023-3523 · Microsoft · Office+1

Ben Lichtman · Published 2023-07-11 · Updated 2023-10-24 · CVE-2023-33150

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Office versions prior to the fixed version

Description

The issue is related to errors in security settings, allowing a remote attacker to bypass existing security restrictions. The vulnerability can be exploited if a filename ends in Extended ASCII 255 (NBSP), which can be written and read by Office, although it does not perform any actions with it. There have been reports of this issue being exploited in the wild, with some organizations still being vulnerable despite having August 2023 updates.

Recommendations

For Microsoft Office versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting the use of filenames that end in Extended ASCII 255 (NBSP) to minimize the risk of exploitation.
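
One way to apply the temporary workaround is to flag file names that end in NBSP at a mail gateway or on a file share. The Python below is an added example, not Microsoft's or the advisory's own code; the function names and sample names are hypothetical, and it assumes "Extended ASCII 255" means byte 0xFF as used for NBSP in OEM code pages 437/850, alongside Unicode U+00A0.

```python
import os

NBSP = "\u00a0"  # Unicode NO-BREAK SPACE


def ends_in_nbsp(name):
    """Return True if a file name (str or raw bytes) ends in NBSP."""
    if isinstance(name, bytes):
        try:
            name = name.decode("utf-8")
        except UnicodeDecodeError:
            # Assumption: a name that is not UTF-8 is a legacy single-byte
            # name. Byte 255 (0xFF) is NBSP in OEM code pages 437/850, the
            # "Extended ASCII 255" of the advisory; 0xA0 is NBSP in
            # Windows-1252 and Latin-1.
            return name[-1:] in (b"\xff", b"\xa0")
    return name.endswith(NBSP)


def scan_tree(root):
    """Return sorted paths (bytes) under root whose file name ends in NBSP."""
    hits = []
    # Walking with a bytes root keeps names as raw bytes, so nothing is
    # lost or rewritten by the interpreter's filesystem decoding.
    for dirpath, _dirs, files in os.walk(os.fsencode(root)):
        hits.extend(os.path.join(dirpath, f) for f in files if ends_in_nbsp(f))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample names, e.g. attachment names seen at a mail gateway.
    samples = [
        "report.docx",
        "invoice.docx\u00a0",
        b"invoice.docx\xff",
        b"r\xc3\xa9sum\xc3\xa0",  # valid UTF-8 ending in byte 0xA0, not NBSP
    ]
    for s in samples:
        print(repr(s), "->", "BLOCK" if ends_in_nbsp(s) else "ok")
```

A raw trailing 0xFF can also be "ÿ" in a Windows-1252 name, so treat hits on non-UTF-8 names as candidates for review rather than confirmed matches.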

Fix

Weakness Enumeration

Protection Mechanism Failure

Related Identifiers

BDU:2023-03734
CVE-2023-33150

Affected Products

Office
Office Word