Microsoft Office Word Remote Code Execution Vulnerability

A use-after-free vulnerability has been identified in Microsoft Office Word, allowing an unauthorized attacker to execute code locally. This issue affects multiple versions of Word, including Word 2016 (both 32-bit and 64-bit editions), Word 2019 (also in 32-bit and 64-bit editions), and Word as part of Microsoft 365 Apps for Enterprise (again, in both 32-bit and 64-bit systems). Additionally, this vulnerability impacts Microsoft Office LTSC for Mac 2021 and 2024, as well as SharePoint Server 2019 and SharePoint Enterprise Server 2016.

Impact

Exploitation of this vulnerability could lead to remote code execution.

Remediation

Users can download the security update for this vulnerability through the Microsoft Update Catalog. For Microsoft Office LTSC for Mac 2021 and 2024, the security update will be released as soon as possible, with customers being notified via a revision to the CVE information.