Microsoft Office Use-After-Free Vulnerability Allowing Local Code Execution

A use-after-free vulnerability has been identified in Microsoft Office, which allows an unauthorized attacker to execute code locally. This vulnerability affects multiple Office products, including Office 2016, Office 2019, Office 2021, and various versions of Office for Mac and Android. The vulnerability arises from improper memory management, leading to a use-after-free condition that can be exploited to execute arbitrary code.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users can download the security update for this vulnerability through the Microsoft Update Catalog or via the Google Play Store for the Android version. For Microsoft Office LTSC for Mac 2021 and 2024, the security update is available through the Mac App Store. Instructions for updating Microsoft 365 Apps for Enterprise are also available on the Microsoft Office Update page.