Microsoft disclosed two significant vulnerabilities affecting its Office and Excel products as part of its December Patch Tuesday updates.
These vulnerabilities tracked as CVE-2024-49059 and CVE-2024-49069, pose serious security risks by enabling attackers to execute remote code or escalate privileges under specific conditions.
CVE-2024-49059: Microsoft Office Elevation Of Privilege Vulnerability
CVE-2024-49059 is an elevation of privilege vulnerability in Microsoft Office, rated as “Important” with a CVSS score of 7.0.
This flaw stems from improper link resolution before file access (CWE-59), allowing attackers to exploit it to gain SYSTEM-level privileges. The attack vector is local, with a high level of complexity due to the need for an attacker to win a race condition.
Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar
Although no active exploitation or public disclosure has been reported, administrators are advised to apply the official security updates promptly.
Microsoft has confirmed that the Preview Pane is not an attack vector for this vulnerability.
CVE-2024-49069: Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49069 affects Microsoft Excel and is classified as a remote code execution (RCE) vulnerability with a CVSS score of 7.8. This Important severity issue arises from a Use After Free weakness (CWE-416).
Exploitation requires user interaction, where an attacker convinces a victim to open a maliciously crafted Excel document. Once executed, the attacker can gain control within the user’s context.
Microsoft clarified that while the attack vector is local, the term remote in the title refers to the attacker’s location.
Exploitation is less likely but remains a serious concern for users who may inadvertently open malicious files.
Mitigation And Recommendations
Microsoft has released patches for both vulnerabilities across various versions of Office and Excel, including Office 2016, Office LTSC 2021/2024, and Microsoft 365 Apps for Enterprise.
Users are urged to install these updates immediately to mitigate potential risks. Both vulnerabilities highlight the importance of maintaining up-to-date software and practicing caution when handling files from unknown sources.
Security teams should prioritize patch deployment and monitor systems for unusual behavior indicative of exploitation attempts.
Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free