Microsoft Office Word Untrusted Pointer Dereference Vulnerability Leading to Remote Code Execution

A vulnerability allowing remote code execution has been identified in Microsoft Office Word. This issue arises from an untrusted pointer dereference, which could enable an unauthorized attacker to execute code on the local machine. The vulnerability affects multiple versions of Microsoft Word, including the 2016, 2019, and 2021 releases, as well as various editions of Microsoft Office LTSC and Microsoft 365 for Mac. The issue requires user interaction, as an attacker must send a malicious Office file and convince the user to open it.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users can download the security update for Microsoft Word 2016 (both 32-bit and 64-bit editions) from the Microsoft Update Catalog. For Microsoft Office LTSC and Microsoft 365 for Mac, the security updates will be released as soon as possible, with customers being notified when they are available. Users of Microsoft SharePoint Server Subscription Edition can also download the security update from the Microsoft Update Catalog.