Microsoft Excel
cpe:2.3:a:microsoft:excel:*:*:*:*:*:*:*
A buffer over-read vulnerability has been identified in Microsoft Office Excel. It allows an unauthorized attacker to disclose information locally through the way Excel handles memory. The vulnerability affects several versions of Excel, including the 2016 32-bit and 64-bit editions, as well as Microsoft Office LTSC for Mac 2021 and 2024, and Microsoft 365 Apps for Enterprise for both 32-bit and 64-bit systems.
Exploitation of this vulnerability could lead to unauthorized information disclosure, allowing attackers to read small portions of heap memory.
Users can download the security update for Microsoft Excel 2016 (32-bit and 64-bit editions) from the Microsoft Update Catalog. For Microsoft Office LTSC 2021 and 2024 (both 32-bit and 64-bit editions), security updates will be released as soon as possible, with customers being notified via a revision to the CVE information. Microsoft 365 Apps for Enterprise users can also download the security update from the Microsoft Update Catalog.