Microsoft released critical fixes for three closely related remote code execution (RCE) vulnerabilities in Microsoft Outlook and Word that stem from low‑level memory‑safety flaws in the Word rendering engine and its integration with Outlook Classic.
The affected scope includes Microsoft Office LTSC 2024 (32‑bit and 64‑bit) and other supported Word/Outlook builds that use the same rendering components.
Using Attack Surface Reduction (ASR) rules to restrict Office from spawning child processes can materially raise the bar for successful exploitation and post‑compromise actions.
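One way to roll out the ASR mitigation described above, as an added example that is not taken from the article or from Microsoft: it reports the state of the two Office child-process rules, sets them to audit or block mode, and lists the events they generated. The function names are hypothetical; it assumes Microsoft Defender Antivirus is the active AV and that the session is elevated.

```powershell
#Requires -RunAsAdministrator
# Rule GUIDs as published in Microsoft's ASR rule reference.
$OfficeChildProcessRules = [ordered]@{
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block all Office applications from creating child processes'
    '26190899-1602-49e8-8b27-eb1d0a1ce869' = 'Block Office communication application from creating child processes'
}
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-OfficeAsrState {
    # Get-MpPreference returns rule IDs and actions as two parallel arrays.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $current = @{}
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i]) { $current[$ids[$i].ToLower()] = [int]$actions[$i] }
    }
    foreach ($id in $OfficeChildProcessRules.Keys) {
        $state = if ($current.ContainsKey($id)) { $ActionNames[$current[$id]] } else { 'NotConfigured' }
        [pscustomobject]@{ Rule = $OfficeChildProcessRules[$id]; Id = $id; Action = $state }
    }
}

function Set-OfficeAsrMode {
    param([ValidateSet('AuditMode', 'Enabled')][string]$Mode = 'AuditMode')
    foreach ($id in $OfficeChildProcessRules.Keys) {
        # Add-MpPreference changes only the named rule; Set-MpPreference would
        # overwrite the whole existing rule list.
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions $Mode
    }
}

function Get-OfficeAsrHits {
    param([int]$Days = 14)
    # Event 1122 = rule matched in audit mode, 1121 = rule blocked the action.
    $pattern = @($OfficeChildProcessRules.Keys) -join '|'
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $pattern } |
        Select-Object TimeCreated, Id, Message
}

Get-OfficeAsrState | Format-Table -AutoSize
# Suggested order: Set-OfficeAsrMode -Mode AuditMode, review Get-OfficeAsrHits
# for legitimate add-ins or macros, then Set-OfficeAsrMode -Mode Enabled.
```

In a managed environment the same two rules are normally deployed through Intune or Group Policy rather than per machine.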
Microsoft fixed three critical Outlook and Word flaws that could enable remote code execution through malicious Office documents and Outlook preview.
cybersecuritynews.com