Microsoft Excel Integer Underflow Vulnerability Leading to Remote Code Execution

A vulnerability allowing remote code execution has been identified in Microsoft Office Excel. This issue arises from an integer underflow, or wraparound, which could enable an unauthorized attacker to execute code locally. The vulnerability affects several versions of Excel, including Excel 2016 (both 32-bit and 64-bit editions), Office LTSC for Mac 2024, Office LTSC 2024 for 32-bit and 64-bit editions, Office LTSC 2021 for 32-bit and 64-bit editions, Office LTSC for Mac 2021, Microsoft 365 Apps for Enterprise for both 32-bit and 64-bit systems, Office 2019 for 32-bit and 64-bit editions, and Office Online Server.

Impact

Exploitation of this vulnerability allows for remote code execution.

Remediation

Users can download the security update for this vulnerability through the Microsoft Update Catalog. For Microsoft Office 2016, the security update is available via the Microsoft Download Center. Instructions for downloading the security update for Microsoft Office LTSC 2024, Microsoft Office LTSC 2021, and Microsoft 365 Apps for Enterprise can be found in the respective release notes. Office Online Server users can download the security update from the Microsoft Download Center.