Microsoft Office Out-of-Bounds Read Vulnerability Allowing Information Disclosure

A vulnerability allowing out-of-bounds read has been identified in Microsoft Office. This issue could enable an unauthorized attacker to locally disclose information by reading small portions of heap memory. The vulnerability affects multiple versions of Microsoft Office, including Office 2016, Office 2019, Office LTSC 2021, Office LTSC 2024, and various SharePoint Server products.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure.

Remediation

Users can download the security update for Microsoft Office 2016 (both 32-bit and 64-bit editions) from the Microsoft Update Catalog. For Microsoft Office LTSC 2021 and 2024 for Mac, the security updates will be released as soon as possible, with customers being notified via a revision to the CVE information. Microsoft 365 Apps for Enterprise users can also download the security update from the Microsoft Update Catalog. SharePoint Server users can download the security update from the Microsoft Update Catalog as well.