Microsoft Office
cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in Microsoft Office, allowing an authorized attacker to locally elevate privileges. This vulnerability requires the attacker to log on to the system and can be exploited by running a specially crafted application or by convincing a user to open a malicious file.
Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain SYSTEM privileges.
Users should apply the security updates available for their version of Microsoft Office. For those who have installed KB5002700, which addresses this vulnerability, it is also necessary to install KB5002623 to resolve a related issue that causes Word, Excel, and Outlook to become unresponsive. Instructions for downloading these updates are available on the Microsoft Support website.