Microsoft Issues Critical Security Updates for Office Software

Microsoft has released critical security updates to address over 60 vulnerabilities in its Office software suite, including zero-day flaws that have already been exploited in targeted attacks, affecting Office Online Server, Microsoft 365 Apps, and Microsoft Office 2019 on both Windows and Mac platforms. The updates aim to prevent large-scale cyberattacks, financial losses, and reputational damage by patching vulnerabilities that could allow attackers to take control of affected systems." This description focuses on the primary topic of Microsoft's security updates, the main entities involved (Microsoft and its Office software suite), the context of cybersecurity threats, and the significant actions and consequences related to the subject matter. The description also provides objective and relevant details that will help an AI generate an accurate visual representation of the article's content, such as the concept of security updates, vulnerabilities, and cyberattacks.

author-image
Nimrah Khatoon
New Update
Microsoft Issues Critical Security Updates for Office Software

Microsoft Issues Critical Security Updates for Office Software

Microsoft has released a series of critical security updates for its Office software suite, addressing over 60 vulnerabilities that could potentially allow attackers to take control of affected systems. The updates, released as part of the company's May 2024 Patch Tuesday, include fixes for Office Online Server, Microsoft 365 Apps, and Microsoft Office 2019 on both Windows and Mac platforms.

Why this matters: The timely patching of critical security vulnerabilities is crucial in preventing large-scale cyberattacks that can compromise sensitive data and disrupt business operations. Failure to address these vulnerabilities can have far-reaching consequences, including financial losses, reputational damage, and legal liabilities.

Among the most concerning vulnerabilities is CVE-2024-30051, a zero-day flaw in the Windows Desktop Window Manager (DWM) Core Library that has already been exploited in targeted attacks. Classified as a heap-based buffer overflow, this vulnerability allows malicious actors to elevate their privileges to the SYSTEM level. Microsoft has assigned it a CVSS severity score of 7.8 out of 10.

Another actively exploited vulnerability, CVE-2024-30040, enables attackers to bypass security features in Microsoft 365 and Office applications. With a CVSS score of 8.8, this flaw can be leveraged to execute arbitrary code if a user opens a malicious file. Microsoft credited researchers from Kaspersky, DBAPPSecurity, and Google's Threat Analysis Group for reporting these critical issues.

The security update also addresses CVE-2024-30044, a remote code execution vulnerability in Microsoft SharePoint Server with a severity rating of 7.8. Authenticated attackers with site owner permissions can exploit this flaw to inject and execute malicious code within the SharePoint Server context.

Microsoft strongly urges all Office users and administrators to review the security advisory and apply the necessary updates immediately. "Due to the active exploitation of these vulnerabilities, it is crucial to prioritize patching to prevent further attacks," the company stated. The updates are available through the Microsoft Update service and can be installed automatically with auto-update enabled.

The May 2024 Patch Tuesday release underscores the ongoing battle against cybersecurity threats and the importance of timely software updates. With threat actors actively exploiting zero-day vulnerabilities, organizations must remain vigilant and proactive in their patch management strategies to safeguard their systems and data from potential breaches.

Key Takeaways

  • Microsoft releases critical security updates for Office software, addressing over 60 vulnerabilities.
  • Updates fix flaws in Office Online Server, Microsoft 365 Apps, and Microsoft Office 2019 on Windows and Mac.
  • Zero-day vulnerabilities CVE-2024-30051 and CVE-2024-30040 are being actively exploited in targeted attacks.
  • Updates are available through Microsoft Update service and can be installed automatically with auto-update enabled.
  • Timely patching is crucial to prevent large-scale cyberattacks and protect sensitive data and business operations.