Primary

Context

Microsoft Office Click-To-Run Privilege Escalation Vulnerability

Vulnerability

A vulnerability allowing improper access control has been identified in Microsoft Office Click-To-Run. This issue enables an authorized attacker to locally elevate privileges. The vulnerability affects multiple Office products, including Office LTSC 2024, Office LTSC 2021, Microsoft 365 Apps for Enterprise, Office 2019, and various Click-To-Run editions.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain SYSTEM privileges.

Remediation

Users can download the security update for their specific Office version from the Microsoft Update Catalog. For guidance on which version to download, refer to the Microsoft Office Security Updates page.

Added: May 12, 2026, 7:26 PM

Updated: May 12, 2026, 7:26 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Office Click-To-Run Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Microsoft Office Click-To-Run

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating