Microsoft Excel Security Feature Bypass Vulnerability

A protection mechanism failure in Microsoft Office Excel allows unauthorized attackers to locally bypass security features. This vulnerability affects multiple Excel versions, including Microsoft Office 365 for Mac, Office LTSC for Mac 2021, Office LTSC for Mac 2024, and various Microsoft 365 Apps for Enterprise editions, both 32-bit and 64-bit. The vulnerability arises from a failure in the application's protection mechanisms, enabling attackers to circumvent the Office Protected View and open files directly in editing mode.

Impact

Exploitation of this vulnerability could lead to unauthorized access to some sensitive information, allowing an attacker to view data that should be protected, without compromising the integrity or availability of the information.

Remediation

Users can download the security update for Microsoft Office LTSC 2024 (both 32-bit and 64-bit editions) and for Microsoft 365 Apps for Enterprise (also in 32-bit and 64-bit) through the Microsoft Update Catalog. For Microsoft Office LTSC for Mac 2021 and 2024, as well as Microsoft 365 for Mac, security updates will be released as soon as possible, with customers being notified when they are available.