Microsoft Office Information Disclosure Vulnerability
Summary
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. Affected products named by the advisory: Microsoft SharePoint Enterprise Server 2016; Microsoft SharePoint Server 2019; Microsoft SharePoint Server Subscription Edition.
What this means
In plain English
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. Affected products named by the advisory: Microsoft SharePoint Enterprise Server 2016; Microsoft SharePoint Server 2019; Microsoft SharePoint Server Subscription Edition. Information disclosure can expose data available to the affected component beyond its intended authorization boundary.
Vulnerable items
- Microsoft SharePoint Enterprise Server 2016 — Microsoft SharePoint Enterprise Server 2016 is a Microsoft Server server component identified as affected by the official advisory.
- Microsoft SharePoint Server 2019 — Microsoft SharePoint Server 2019 is a Microsoft Server server component identified as affected by the official advisory.
- Microsoft SharePoint Server Subscription Edition — Microsoft SharePoint Server Subscription Edition is a Microsoft Server server component identified as affected by the official advisory.
Recommended action
Primary action: update to a vendor-listed fixed release: 16.0.5556.1005, 16.110.26061317, 16.0.10417.20153, 16.0.19725.20384.
Rewritten locally from the scraped official advisory data above; no generative API is used. The vendor advisory is authoritative.
- Microsoft 365 Apps for Enterprise 16.0.1 before https://aka.ms/OfficeSecurityReleases
- Microsoft Office 2016 16.0.0 before 16.0.5556.1005
- Microsoft Office 2019 19.0.0 before https://aka.ms/OfficeSecurityReleases
- Microsoft Office 365 for Mac 1.0.0 before 16.110.26061317
- Microsoft Office LTSC 2021 16.0.1 before https://aka.ms/OfficeSecurityReleases
- Microsoft Office LTSC 2024 16.0.0 before https://aka.ms/OfficeSecurityReleases
- Microsoft Office LTSC for Mac 2021 16.0.1 before 16.110.26061317
- Microsoft Office LTSC for Mac 2024 16.0.0 before 16.110.26061317
- Microsoft SharePoint Enterprise Server 2016 16.0.0 before 16.0.5556.1005
- Microsoft SharePoint Server 2019 16.0.0 before 16.0.10417.20153
- Microsoft SharePoint Server Subscription Edition 16.0.0 before 16.0.19725.20384
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
- https://aka.ms/OfficeSecurityReleases
- 16.0.5556.1005
- 16.110.26061317
- 16.0.10417.20153
- 16.0.19725.20384
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
Mitigation
Upgrade to a fixed release: https://aka.ms/OfficeSecurityReleases, 16.0.5556.1005, 16.110.26061317, 16.0.10417.20153, 16.0.19725.20384. That is the remediation for this advisory.
The vendor advisory may list additional interim mitigations or workarounds not captured here — review it before change work.
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.