Microsoft Office Software Vulnerability

In just two days, reports of software vulnerabilities affecting products from market-leading software vendors have become more frequent. Key software products used around the globe on countless systems and computers, such as those from Apple and Microsoft, have been on the agenda more than once in a short span of time. Microsoft suffered cloud breaches, issues with MSHTML, and phishing, while Apple has grappled with web browser security flaws and dangerous spyware scenarios.

Adding to this list is another vulnerability once again troubling Microsoft’s products. The product in question is Microsoft Office, one of the most widely used computer software packages ever created, residing on billions of computers all over the world. Recently, a high-risk software vulnerability was discovered that could allow a malicious remote attacker to breach a vulnerable system that is not patched with the latest security updates.

The Microsoft Office Software Vulnerability

The Microsoft Office software vulnerability is a code injection flaw. Its CVE ID in the public security flaw database is CVE-2021-38659. Public information about this software vulnerability was released on September 14th, 2021 on Microsoft’s MSRC (Microsoft Security Response Center) portal, where the release report can be accessed. Microsoft credits “Tran Van Khang – khangkito (VinCSS)” of Trend Micro Zero Day Initiative for helping protect the community through vulnerability disclosure.

Technical Details

The vulnerability exists due to improper input validation in Microsoft Office. It allows a remote attacker to execute arbitrary code on a target system that is not patched. Successful exploitation of this vulnerability may result in the complete compromise of a vulnerable system.

Vulnerable Software Versions

The vulnerable software types and versions are as follows:

Microsoft 365 Apps for Enterprise: 32-bit and 64-bit systems.

Important Information For MS Office Users

Users should not be too concerned about any remote attacks if they update sooner rather than later. Official notes about this vulnerability include “Exploitation Less Likely” and that there is no public exploit at the moment.

Automatic updates must be enabled at all times. It is recommended that users check that this is the case and apply the automatic update. There are two separate updates for 32-bit and 64-bit systems. Depending on whether the user is using a 32-bit or 64-bit operating system, the update will take place automatically. Alternatively, users can check the Product Information updates section within their MS Office application and click ‘Update Now’ to update the software.
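
For administrators who want to verify the update settings described above on many machines, the following PowerShell script is an added example, not code from the original article or from Microsoft. It assumes a Click-to-Run installation (the delivery method used by Microsoft 365 Apps) and reads its configuration from the registry; `$MinimumVersion` is a placeholder that must be replaced with the fixed build listed in the MSRC advisory for your update channel.

```powershell
# Added example: audit a Click-to-Run Office install for update readiness.
# $MinimumVersion is a PLACEHOLDER. Take the fixed build for your update
# channel from the MSRC advisory for CVE-2021-38659.
param(
    [version]$MinimumVersion = '0.0.0.0'   # placeholder, not a real build number
)

$c2rKey    = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\office\16.0\common\officeupdate'

function Get-OfficeUpdateStatus {
    param([version]$MinimumVersion)

    if (-not (Test-Path $c2rKey)) {
        # MSI-based or absent Office: nothing to audit through this key.
        return $null
    }
    $cfg = Get-ItemProperty -Path $c2rKey

    # Group Policy, when set, overrides the per-install UpdatesEnabled value.
    $policy = $null
    if (Test-Path $policyKey) {
        $policy = (Get-ItemProperty -Path $policyKey).EnableAutomaticUpdates
    }
    $updatesOn = if ($null -ne $policy) { $policy -eq 1 } else { $cfg.UpdatesEnabled -eq 'True' }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        Platform         = $cfg.Platform   # x86 = 32-bit Office, x64 = 64-bit Office
        InstalledVersion = [version]$cfg.VersionToReport
        UpdatesEnabled   = $updatesOn
        PolicyManaged    = ($null -ne $policy)
        MeetsMinimum     = ([version]$cfg.VersionToReport -ge $MinimumVersion)
    }
}

$status = Get-OfficeUpdateStatus -MinimumVersion $MinimumVersion
if ($null -eq $status) {
    Write-Warning 'No Click-to-Run Office configuration found on this machine.'
} else {
    $status | Format-List
    if (-not $status.UpdatesEnabled) { Write-Warning 'Automatic updates are disabled.' }
    if (-not $status.MeetsMinimum)   { Write-Warning "Office is older than $MinimumVersion." }
}
```

The `Platform` value reports the architecture of the Office installation itself, which determines whether the 32-bit or 64-bit update applies.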

Tech researcher & communications specialist
Mirza has an educational background in Global Communications and has worked in advertising, marketing, journalism and television over the years while living in several different countries. He is now working to consolidate news and outreach at VPNoverview.com, while in his free time he likes to work on documentary projects, read about sociology and write about world events.