Microsoft Excel Information Disclosure Vulnerability

A vulnerability allowing out-of-bounds read has been identified in Microsoft Office Excel. This issue could enable an unauthorized attacker to locally disclose information by reading small portions of heap memory. The vulnerability affects multiple versions of Excel, including Excel 2016 (both 32-bit and 64-bit editions), Office LTSC for Mac 2024, Office LTSC 2024 for 32-bit and 64-bit editions, Office LTSC 2021 for 32-bit and 64-bit editions, Office LTSC for Mac 2021, Microsoft 365 Apps for Enterprise for 32-bit and 64-bit systems, Office 2019 for 32-bit and 64-bit editions, and Office Online Server.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure.

Remediation

Users can download the security update for Microsoft Excel 2016 (32-bit and 64-bit editions) from the Microsoft Update Catalog. For Microsoft Office LTSC for Mac 2024, the security update is available through the Mac App Store. Office LTSC 2024 for 32-bit and 64-bit editions also has a security update available. Microsoft 365 Apps for Enterprise users can download the security update from the Microsoft Update Catalog. For Office 2019, the security update is available through the Microsoft Update Catalog. Office Online Server users can download the security update from the Microsoft Update Catalog.