Cyber Security Advisory No. 368 was issued by PTA, in which the users were warned about significant flaws found in a number of Microsoft Office Apps. According to the advisory dated January 14, 2025, the threat is categorized as a high-severity vulnerability that, if exploited, might result in privilege escalation and arbitrary code execution.
As stated by the advisory, the impacted software’s are Microsoft Office 2019 (19.0.0), Microsoft Office LTSC 2021 and 2024 (16.0.1 and 1.0.0, respectively), Microsoft 365 Apps for Enterprise (16.0.1), and Microsoft SharePoint Server 2019 and SharePoint Enterprise Server 2016 (16.0.0).
A number of specific security flaws were found in SharePoint (CVE-2024-43503), Excel (CVE-2024-43504), and Visio (CVE-2024-43505).
Because of the Visio vulnerability, attackers might be able to process specially crafted documents and execute arbitrary code. In the same way, a use-after-free vulnerability in Excel exposes users to the possibility of remote code execution by malicious actors.
Because the SharePoint vulnerability may enable authenticated users to increase their rights through specially crafted requests, it is especially worrisome.
In order to stop such security breaches, the PTA underlined how urgent it is to fix these vulnerabilities. It stated that these defects pose serious dangers to businesses that use Microsoft productivity tools, particularly those who deal with private or sensitive data.
By focusing on privilege escalation, the attack vector may enable threat actors to obtain more extensive access to a compromised system.
All users and system administrators are advised by PTA to make sure that their Microsoft software is up to date in order to reduce the risks. In order to protect against known vulnerabilities, the advisory said to use the Microsoft Security Update Guide to find and apply the necessary fixes and to keep systems up to date.
Loading ...
