Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Microsoft Office Word Security Feature Bypass Vulnerability
Vulnerability
A security feature bypass vulnerability has been identified in Microsoft Office Word. This vulnerability arises from a reliance on untrusted inputs in security decisions, allowing an unauthorized attacker to locally bypass certain security features. The issue affects multiple versions of Microsoft Office, including the 2021 and 2024 LTSC releases for both Mac and Windows, as well as Microsoft 365 Apps for Enterprise.
Impact
Exploitation of this vulnerability allows for a local bypass of security features in Microsoft Office Word, specifically OLE mitigations that protect users from vulnerable COM/OLE controls.
Remediation
Users can apply the security update for this vulnerability, which is available through the Microsoft Update Catalog. Instructions for downloading the update can be found in the Microsoft Office LTSC 2024 and 2021 release notes, as well as the Microsoft 365 Apps for Enterprise security update guidance.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.