Microsoft Office Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

Microsoft announced a new remote code execution vulnerability that affects Office.

Successfull exploitation can lead to remote code execution.

Affected Systems

• Microsoft Office 2013 Service Pack 1 (64-bit editions)
• Microsoft Office 2013 Service Pack 1 (32-bit editions)
• Microsoft Office 2013 RT Service Pack 1
• Microsoft Office 2016 (64-bit edition)
• Microsoft Office 2016 (32-bit edition)
• Microsoft Office LTSC 2021 for 32-bit editions
• Microsoft Office LTSC 2021 for 64-bit editions
• Microsoft Office LTSC for Mac 2021
• Microsoft 365 Apps for Enterprise for 64-bit Systems
• Microsoft 365 Apps for Enterprise for 32-bit Systems
• Microsoft Office 2019 for Mac
• Microsoft Office 2019 for 64-bit editions
• Microsoft Office 2019 for 32-bit editions

IoC’s

-

Recommended Solution(s)

Organizations using the above-mentioned products are recommended to apply applicable patches mentioned in https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-38048 .

CVE / CWE

CVE-2022-38048

Related Website(s)

• https://nvd.nist.gov/vuln/detail/CVE-2022-38048

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.