Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Microsoft Office Security Feature Bypass Vulnerability
Vulnerability
A security feature bypass vulnerability has been identified in Microsoft Office. It stems from a reliance on untrusted inputs in security decisions, allowing an unauthorized attacker to locally bypass certain security features. The issue affects multiple versions of Microsoft Office, including Office 2016, Office 2019, Office 2021, and various editions of Microsoft 365 Apps for Enterprise. Successful exploitation bypasses the OLE mitigations that protect users from vulnerable COM/OLE controls.
Impact
Exploitation of this vulnerability bypasses OLE mitigations in Microsoft 365 and Microsoft Office, which are designed to protect users from vulnerable COM/OLE controls.
Remediation
Users can apply the security update available for Microsoft Office 2016 and 2019. For Office 2021 and later, a service-side change has been implemented, but applications must be restarted for it to take effect. Instructions for applying the security update, and the registry keys that provide immediate protection, are available from the Microsoft Update Catalog.
