Recently, a Cyber Security Advisory was released by the PTA is which they have alerted users about multiple numbers of high-severity flaws in the apps of MS Office. Some of the apps with high security flaws in MS Office are Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021 and 2024, and different iterations of Microsoft SharePoint Server.
If taken advantage of, these security shortcomings can provide the hackers the ability to expand user privileges or run arbitrary code. It would be extremely harmful for the users of said programs and businesses who use these programs.
Specific components of Microsoft Office programs are vulnerable, according to the advisory: Visio (CVE-2024-43505), Excel (CVE-2024-43504), and SharePoint (CVE-2024-43503). Processing specially created content in Visio may result in arbitrary code execution. Excel includes a use-after-free flaw that could allow maliciously created files to execute code.
A vulnerability in SharePoint enables authorized attackers to escalate privileges through carefully constructed requests. The PTA highlighted the serious security concerns connected to postponing patching or system updates by classifying these vulnerabilities as severe in severity.
If proper safeguards are not in place, the vulnerabilities’ nature permits local attackers to take advantage of systems, possibly jeopardizing private information or permitting illegal access across platforms and networks.
In order to reduce the risks, the advisory strongly advises individuals and businesses to update all Microsoft programs on a regular basis.
Particularly in settings where enterprise apps are widely used, the PTA advised consulting the Microsoft Security Update Guide to deploy pertinent updates and make sure all software is current with the newest security enhancements.
The advisory also alerted that if these suggestions are not implemented, the systems could become prone to intended cyberattacks. To counter misuse of these liabilities, system administrators and IT departments are encouraged to inspect their current security procedures and instantly deploy any necessary fixes.
