
Microsoft Office Vulnerabilities Allow Remote Execution of Malicious Code by Attackers

Microsoft has released critical security updates to address three serious vulnerabilities in Microsoft Office that could allow attackers to execute remote code on affected systems. These vulnerabilities, tracked as CVE-2025-53731, CVE-2025-53740, and CVE-2025-53730, affect multiple versions of Microsoft Office and pose significant security risks to organisations and individual users worldwide. The key takeaways are that the critical Office flaws enable code execution via document preview, that all Office versions from 2016 to 2024 are affected, and that patches were released on August 12 and should be installed immediately. The vulnerabilities stem from use-after-free memory corruption issues, classified under CWE-416 in the Common Weakness Enumeration database. CVE-2025-53731 and CVE-2025-53740 received critical severity ratings with CVSS base scores of 8.4, while CVE-2025-53730, which affects Microsoft Office Visio, was rated as important with a CVSS score of 7.8.

The vulnerabilities share a common attack pattern: unauthorised attackers exploit memory management flaws to execute arbitrary code locally on target systems. The technical details reveal concerning attack vectors, with both critical vulnerabilities carrying a CVSS vector string that indicates low attack complexity, no privileges required, and no user interaction needed for exploitation. Particularly alarming is that the Preview Pane serves as an attack vector for CVE-2025-53731 and CVE-2025-53740, meaning users could be compromised simply by previewing malicious Office documents.

The vulnerabilities affect a wide range of Microsoft Office products, including Microsoft Office 2016, Office 2019, Office LTSC 2021, Office LTSC 2024, and Microsoft 365 Apps for Enterprise, across both 32-bit and 64-bit architectures. Mac users are also at risk: Microsoft Office LTSC for Mac 2021 and 2024 require immediate updates. The widespread impact encompasses millions of users across corporate and consumer environments globally. Security researchers from the Vulnerability Research Institute and Zscaler’s ThreatLabz were credited with discovering these vulnerabilities through coordinated disclosure processes. Microsoft’s Security Response Center has confirmed that none of these vulnerabilities have been publicly disclosed or exploited in the wild, with exploitability assessments ranging from “Exploitation Unlikely” to “Exploitation Less Likely.”
