Microsoft has released an unscheduled security update for Microsoft Office to close a critical zero-day vulnerability that is already being actively exploited for attacks. The update was made available at short notice as there is a high risk for users running unpatched versions of Office.
Vulnerability in Microsoft Office
The vulnerability allows attackers to bypass Microsoft Office protection mechanisms by using specially crafted documents. When such a file is opened, malicious content can be downloaded or executed without any further interaction being required. Technically, the problem lies in the processing of OLE and COM objects, which the security functions are supposed to block or restrict. According to Microsoft, these protection mechanisms are bypassed in certain cases.
Which Office versions are affected
Several current and older Office versions are affected, including Microsoft 365 Apps for Enterprise, Office 2016, Office 2019 and LTSC versions 2021 and 2024, each in 32- and 64-bit versions. The Microsoft Security Response Center classifies the vulnerability as “high”. What makes it particularly critical is that attacks based on this vulnerability have already been observed in practice, so it is necessary to act quickly.
For Microsoft 365 users, protection is usually provided automatically via the regular update mechanisms. The prerequisite is that the Office applications are completely restarted after the update. For older or locally installed Office versions, the security updates provided must be installed manually. Microsoft recommends doing this immediately.
Update strongly recommended
Especially in corporate environments, it should be verified that all affected systems have already been updated. Where central update or patch management systems are used, the updates must be released and distributed promptly. Because the vulnerability is being actively exploited, this is not an optional update but an urgently required security measure. The incident underlines once again that Office applications continue to be an attractive target for attackers. Regular updates and consistent patch management remain crucial to minimizing security risks in everyday use.