Microsoft Excel Use-After-Free Vulnerability Allowing Local Code Execution

A use-after-free vulnerability has been identified in Microsoft Office Excel. This issue allows an unauthorized attacker to execute code locally. The vulnerability is present in several versions of Excel, including Excel 2016 (both 32-bit and 64-bit editions), Microsoft Office LTSC for Mac 2024, Microsoft Office LTSC 2024 for 32-bit and 64-bit editions, Microsoft Office LTSC 2021 for 32-bit and 64-bit editions, Microsoft Office LTSC for Mac 2021, Microsoft 365 Apps for Enterprise for 32-bit and 64-bit systems, and Microsoft Office 2019 for 32-bit and 64-bit editions. Office Online Server is also affected.

Impact

Exploitation of this vulnerability allows for remote code execution.

Remediation

Users can download the security update for Microsoft Excel 2016 (32-bit and 64-bit editions) from the Microsoft Update Catalog. For Microsoft Office LTSC 2024 (32-bit and 64-bit editions), the security update is also available through the Microsoft Update Catalog. Microsoft Office LTSC 2021 (32-bit and 64-bit editions) users can download the security update from the Microsoft Update Catalog. For Microsoft 365 Apps for Enterprise (32-bit and 64-bit systems), the security update is available through the Microsoft Update Catalog. Office Online Server users can download the security update from the Microsoft Update Catalog.