Microsoft Outlook and Word Remote Code Execution Vulnerability
Summary
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Affected products named by the advisory: Microsoft SharePoint Enterprise Server 2016; Microsoft SharePoint Server 2019; Microsoft SharePoint Server Subscription Edition.
What this means
In plain English
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Affected products named by the advisory: Microsoft SharePoint Enterprise Server 2016; Microsoft SharePoint Server 2019; Microsoft SharePoint Server Subscription Edition. Successful exploitation can let an attacker run code in the security context of the affected service or device.
Vulnerable items
- Microsoft SharePoint Enterprise Server 2016 — Microsoft SharePoint Enterprise Server 2016 is a Microsoft Server server component identified as affected by the official advisory.
- Microsoft SharePoint Server 2019 — Microsoft SharePoint Server 2019 is a Microsoft Server server component identified as affected by the official advisory.
- Microsoft SharePoint Server Subscription Edition — Microsoft SharePoint Server Subscription Edition is a Microsoft Server server component identified as affected by the official advisory.
Recommended action
Primary action: update to a vendor-listed fixed release: 16.110.26061317, 16.0.5556.1005, 16.0.10417.20153, 16.0.19725.20384, 16.0.5556.1000.
Rewritten locally from the scraped official advisory data above; no generative API is used. The vendor advisory is authoritative.
- Microsoft 365 Apps for Enterprise 16.0.1 before https://aka.ms/OfficeSecurityReleases
- Microsoft Office 2019 19.0.0 before https://aka.ms/OfficeSecurityReleases
- Microsoft Office 365 for Mac 1.0.0 before 16.110.26061317
- Microsoft Office LTSC 2021 16.0.1 before https://aka.ms/OfficeSecurityReleases
- Microsoft Office LTSC 2024 16.0.0 before https://aka.ms/OfficeSecurityReleases
- Microsoft Office LTSC for Mac 2021 16.0.1 before 16.110.26061317
- Microsoft Office LTSC for Mac 2024 16.0.0 before 16.110.26061317
- Microsoft SharePoint Enterprise Server 2016 16.0.0 before 16.0.5556.1005
- Microsoft SharePoint Server 2019 16.0.0 before 16.0.10417.20153
- Microsoft SharePoint Server Subscription Edition 16.0.0 before 16.0.19725.20384
- Microsoft Word 2016 16.0.1 before 16.0.5556.1000
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
- https://aka.ms/OfficeSecurityReleases
- 16.110.26061317
- 16.0.5556.1005
- 16.0.10417.20153
- 16.0.19725.20384
- 16.0.5556.1000
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
Mitigation
Upgrade to a fixed release: https://aka.ms/OfficeSecurityReleases, 16.110.26061317, 16.0.5556.1005, 16.0.10417.20153, 16.0.19725.20384, 16.0.5556.1000. That is the remediation for this advisory.
The vendor advisory may list additional interim mitigations or workarounds not captured here — review it before change work.
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.