CVE-2025-59226

Microsoft · Microsoft Multiple Products

A high-severity vulnerability has been discovered in Microsoft Office Visio that could allow an attacker to take control of an affected system.

Executive summary

A high-severity vulnerability has been discovered in Microsoft Office Visio that could allow an attacker to take control of an affected system. An attacker could exploit this flaw by tricking a user into opening a specially crafted Visio file, which would then allow them to run malicious code. This could lead to data theft, malware installation, or a complete compromise of the user's computer.

Vulnerability

This is a Use-After-Free vulnerability within Microsoft Office Visio. The flaw occurs when the application attempts to access a memory location after it has been deallocated (freed). An attacker can exploit this by creating a malicious Visio file that, when opened, manipulates the application's memory management to trigger this condition, leading to memory corruption. A successful exploit allows the attacker to execute arbitrary code in the context of the current user, granting them the same permissions as the victim.

Business impact

This vulnerability is rated as High severity with a CVSS score of 7.8. Successful exploitation could have a significant negative impact on the business. An attacker could execute code to install ransomware, deploy spyware to steal sensitive corporate data, or use the compromised machine as a pivot point to move laterally across the network. The primary risks to the organization include data breaches, financial loss from ransomware, reputational damage, and disruption of business operations.

Remediation

Immediate Action: Apply the security updates provided by Microsoft across all affected endpoints immediately. Prioritize patching for systems used by high-value targets or those with access to sensitive information. After patching, monitor for any signs of exploitation attempts by reviewing application and system logs for unusual activity related to Visio.

Proactive Monitoring: Implement enhanced monitoring on endpoints where Visio is installed. Security teams should look for anomalous process behavior, such as visio.exe spawning child processes like powershell.exe or cmd.exe. Monitor network traffic for unexpected outbound connections from the Visio process and use Endpoint Detection and Response (EDR) tools to detect suspicious memory access patterns or process injection techniques.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce risk. Ensure Microsoft Office Protected View is enabled to open documents from untrusted sources in a sandboxed environment. Use Attack Surface Reduction (ASR) rules to block Office applications from creating child processes. Reinforce user security awareness training, specifically warning against opening unsolicited Visio files from external sources.
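The parent/child process check from the Proactive Monitoring item above, as an added example that is not part of the advisory: it runs over Sysmon-style process-creation records (Event ID 1) and flags visio.exe spawning a shell or script host. The field names follow Sysmon's schema, the sample events are constructed, and the child list extends the advisory's powershell.exe/cmd.exe with other commonly abused script hosts (an assumption).

```python
"""Flag process-creation events in which Visio spawns a shell or script host.

Added example (not from the advisory): a small detection over Sysmon-style
process-creation records, run here against constructed sample events.
"""
import ntpath

# Children the advisory names (powershell.exe, cmd.exe) plus other script
# hosts commonly abused the same way; the extra entries are an assumption.
SUSPICIOUS_CHILDREN = {
    "powershell.exe", "pwsh.exe", "cmd.exe",
    "wscript.exe", "cscript.exe", "mshta.exe",
}


def _image_name(path: str) -> str:
    """File name of a Windows image path, lower-cased (paths are case-insensitive)."""
    return ntpath.basename(path).lower()


def detect_visio_child_processes(events):
    """Return one finding per Event ID 1 record whose parent image is visio.exe
    and whose child image is in SUSPICIOUS_CHILDREN; other events are skipped."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 1:  # Sysmon 1 = process creation
            continue
        if _image_name(ev.get("ParentImage", "")) != "visio.exe":
            continue
        child = _image_name(ev.get("Image", ""))
        if child in SUSPICIOUS_CHILDREN:
            findings.append({"time": ev.get("UtcTime"), "user": ev.get("User"),
                             "child": child, "command_line": ev.get("CommandLine", "")})
    return findings


VISIO = r"C:\Program Files\Microsoft Office\root\Office16\VISIO.EXE"
SAMPLE_EVENTS = [  # constructed sample telemetry, not real events
    {"EventID": 1, "UtcTime": "2025-10-14 09:12:01", "User": "CORP\\alice", "ParentImage": VISIO,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -WindowStyle Hidden -File C:\\Users\\Public\\run.ps1"},
    {"EventID": 1, "UtcTime": "2025-10-14 09:12:05", "User": "CORP\\alice", "ParentImage": VISIO,
     "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe 12288"},  # print helper, benign
    {"EventID": 3, "UtcTime": "2025-10-14 09:12:06", "User": "CORP\\alice", "Image": VISIO},  # network, skipped
    {"EventID": 1, "UtcTime": "2025-10-14 09:13:40", "User": "CORP\\bob", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},  # shell, but not a Visio child
    {"EventID": 1, "UtcTime": "2025-10-14 09:15:22", "User": "CORP\\carol", "ParentImage": VISIO,
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
]

if __name__ == "__main__":
    for f in detect_visio_child_processes(SAMPLE_EVENTS):
        print(f"{f['time']} {f['user']}: visio.exe -> {f['child']}  {f['command_line']}")
```

Against the sample set this yields two findings (the PowerShell and cmd.exe children); the print helper, the unrelated explorer.exe child and the network event are ignored.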

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high severity (CVSS 7.8) and the potential for remote code execution, this vulnerability poses a significant risk to the organization. Although it is not currently listed on the CISA KEV list, its potential for use in widespread phishing attacks warrants immediate attention. We strongly recommend that all affected versions of Microsoft Office Visio be patched immediately. If patching is delayed, the compensating controls and proactive monitoring outlined above must be implemented as a matter of priority to mitigate the risk of compromise.