Microsoft Office Use-After-Free Vulnerability Allowing Local Code Execution

A use-after-free vulnerability has been identified in Microsoft Office, which allows an unauthorized attacker to execute code locally. This vulnerability affects multiple Office products and versions, including Microsoft Office LTSC for Mac 2024, Microsoft Office LTSC for Mac 2021, Microsoft 365 Apps for Enterprise (both 32-bit and 64-bit), Microsoft Office for Android, and various editions of Microsoft Office LTSC 2021 and 2024 for Windows. The vulnerability arises from improper memory management, leading to a use-after-free condition that can be exploited to execute arbitrary code.

Impact

Exploitation of this vulnerability could lead to unauthorized local code execution on the affected system.

Remediation

Users can download the security update for this vulnerability through the Microsoft Update Catalog or via the Office Update mechanism. For Microsoft Office 2016 users, the security update is available through the Microsoft Download Center.