Microsoft Office Excel Out-of-Bounds Read Vulnerability Allowing Information Disclosure

A vulnerability allowing out-of-bounds read has been identified in Microsoft Office Excel. This issue could enable an unauthorized attacker to locally disclose information by reading small portions of heap memory. The vulnerability affects several different versions and editions of Microsoft Excel, as well as other Microsoft Office products.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure.

Remediation

Users can download the security update for Microsoft Excel 2016 (both 32-bit and 64-bit editions) from the Microsoft Update Catalog. For Microsoft Office LTSC for Mac 2024 and 2021, security updates are also available. Additionally, users of Microsoft 365 Apps for Enterprise can apply the security update for both 32-bit and 64-bit systems. For Microsoft Office 2019, security updates can be downloaded for both 32-bit and 64-bit editions. Microsoft SharePoint Server 2019 and SharePoint Enterprise Server 2016 users can also apply available security updates.