Publisher Security Feature Bypass Vulnerability
CVE-2024-38226

7.3HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019; Microsoft Office Ltsc 2021; Microsoft Publisher 2016
Vendor: CVE Published:; 10 September 2024

Badges

👾 Exploit Exists🦅 CISA Reported

Summary

A security feature bypass in Microsoft Publisher enables attackers to circumvent intended security mechanisms, potentially leading to unauthorized actions within the application. This vulnerability affects multiple versions of Microsoft Publisher, emphasizing the need for users to apply patches and updates provided by Microsoft to maintain the security integrity of their software. Comprehensive awareness and prompt action are crucial to mitigate risks associated with this vulnerability.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Microsoft Office 2019 32-bit Systems 19.0.0

Microsoft Office LTSC 2021 x64-based Systems 16.0.1

Microsoft Publisher 2016 32-bit Systems 16.0.0 < 16.0.5465.1001

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Sep 10, 2024
🦅
CISA Reported
Sep 10, 2024
Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Jun 11, 2024