Adding to this list is another vulnerability once again troubling Microsoft’s products. The product in question is Microsoft Office, one of the most widely used computer software packages ever created, residing on billions of computers all over the world. Recently, a high-risk software vulnerability was discovered that could allow a malicious remote attacker to breach a vulnerable system that is not patched with the latest security updates.
The Microsoft Office Software Vulnerability
The Microsoft Office software vulnerability is a code injection flaw, tracked in the public CVE security flaw database as CVE-2021-38659. Public information about this software vulnerability was released on September 14th, 2021 on Microsoft’s MSRC (Microsoft Security Response Center) portal. The release report can be accessed on this page. Microsoft credits “Tran Van Khang – khangkito (VinCSS)” of Trend Micro Zero Day Initiative with disclosing the vulnerability for the protection of the community.
Technical Details
Vulnerable Software Versions
The vulnerable software types and versions are as follows: Microsoft 365 Apps for Enterprise for 32-bit and 64-bit systems.
Important Information For MS Office Users
Users should not be too concerned about remote attacks if they update sooner rather than later. Official notes about this vulnerability include “Exploitation Less Likely” and state that there is no public exploit at the moment. Automatic updates must be enabled at all times; it is recommended that users check that this is the case and apply the automatic update. There are two separate updates, one for 32-bit and one for 64-bit systems, and the update that matches the user’s operating system will be applied automatically. Alternatively, users can check the Product Information updates section within their MS Office application and click ‘Update Now’ to update the software.