CVE-2025-53731

Microsoft · Microsoft Multiple Products

Executive summary

A high-severity vulnerability has been identified in multiple Microsoft Office products. This flaw, a "Use After Free" condition, could allow an attacker to execute malicious code on a user's computer if they open a specially crafted Office document, potentially leading to a full system compromise.

Vulnerability

This is a Use After Free memory corruption vulnerability. An attacker can exploit this by creating a malicious Microsoft Office file (e.g., a Word document or Excel spreadsheet) and convincing a user to open it. When the document is opened, the Office application attempts to access a portion of memory that has already been deallocated, causing a crash or allowing the attacker to execute arbitrary code with the same permissions as the logged-in user.

Business impact

This vulnerability is rated as High severity with a CVSS score of 8.4. Successful exploitation could lead to a complete compromise of the affected endpoint. An attacker could install malware (including ransomware or keyloggers), exfiltrate sensitive corporate or personal data, or use the compromised machine as a pivot point to move laterally across the internal network. This poses a significant risk to data confidentiality, integrity, and availability, and could result in financial loss, reputational damage, and operational disruption.

Remediation

Immediate Action: Apply the security updates provided by Microsoft across all affected endpoints without delay. Following the patching process, monitor endpoints for any signs of exploitation attempts and review system and application access logs for anomalous activity originating from Microsoft Office applications.

Proactive Monitoring: Implement enhanced monitoring on endpoints. Look for suspicious child processes spawned by Office applications (e.g., winword.exe or excel.exe launching powershell.exe, cmd.exe, or wscript.exe). Monitor for unusual network traffic originating from Office processes to unknown external IP addresses. Endpoint Detection and Response (EDR) systems should be configured to alert on memory-based attacks and unusual process behavior.
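The child-process check described above, applied to process-creation records, as an added example that is not part of the original advisory. It assumes events exported as dictionaries with Sysmon Event ID 1 style fields (Computer, ParentImage, Image, CommandLine); the sample events are constructed.

```python
import ntpath

# Parent and child image names taken from the advisory text above.
OFFICE_PARENTS = {"winword.exe", "excel.exe"}
SUSPICIOUS_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe"}


def image_name(path):
    """Lower-cased file name of a Windows path; tolerates quotes and missing values."""
    return ntpath.basename((path or "").strip().strip('"')).lower()


def find_office_child_alerts(events):
    """Return an alert for each process creation where an Office parent spawned a listed child."""
    alerts = []
    for ev in events:
        parent = image_name(ev.get("ParentImage"))
        child = image_name(ev.get("Image"))
        # Exact file-name match, so "cmd.exe.txt" or "notexcel.exe" do not match.
        if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
            alerts.append({
                "host": ev.get("Computer", "unknown"),
                "parent": parent,
                "child": child,
                "command_line": ev.get("CommandLine", ""),
            })
    return alerts


# Constructed sample events (not real telemetry), shaped like Sysmon Event ID 1.
SAMPLE_EVENTS = [
    {"Computer": "ws01", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "WINWORD.EXE /n report.docx"},
    {"Computer": "ws01",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile"},
    {"Computer": "ws02",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe 8192"},
    {"Computer": "ws03",
     "ParentImage": r'"C:\Program Files\Microsoft Office\root\Office16\excel.exe"',
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c ver"},
    {"Computer": "ws04", "Image": r"C:\Windows\System32\wscript.exe"},  # no parent field
]

if __name__ == "__main__":
    for alert in find_office_child_alerts(SAMPLE_EVENTS):
        print(alert)
```

The two sets hold only the process names the advisory lists; extend them to match the Office applications and script hosts present in your environment.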

Compensating Controls: If immediate patching is not feasible, enforce Microsoft Office Protected View for all documents originating from the internet or other untrusted sources. This opens files in a restricted, sandboxed mode, which can prevent the exploit from executing successfully. Additionally, utilize application control policies to block Office applications from creating executable child processes.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high CVSS score and the potential for complete system compromise via a common attack vector (malicious documents), this vulnerability requires immediate attention. Organizations are strongly advised to prioritize the deployment of the vendor-supplied security patches to all workstations and servers with Microsoft Office installed. Although there is no current evidence of active exploitation, the risk profile is high, and proactive patching is the most effective defense to prevent future attacks.