Remote Code Execution Vulnerability Affects Microsoft Project
CVE-2024-38189
Key Information:
- Vendor
- Microsoft
- Status
- Microsoft Office 2019
- Microsoft 365 Apps For Enterprise
- Microsoft Project 2016
- Microsoft Office Ltsc 2021
- Vendor
- CVE Published:
- 13 August 2024
Badges
Summary
A vulnerability exists in Microsoft Project that allows for remote code execution under specific conditions. This vulnerability could be exploited when a user opens a specially crafted file designed to compromise the application, leading to unauthorized operations on the user's system. Attackers could potentially gain access to sensitive data or control over affected systems. To protect against this vulnerability, it is essential to apply the latest security updates from Microsoft and to follow best practices for file handling and security.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1
Microsoft Office 2019 32-bit Systems 19.0.0
Microsoft Office LTSC 2021 32-bit Systems 16.0.1
References
CVSS V3.1
Timeline
- πΎ
Exploit known to exist
- π¦
CISA Reported
Vulnerability published
Vulnerability Reserved