New UAF Vulnerability Affecting Microsoft Office to be Patched Today


Level 74
Content Creator
Malware Hunter
Aug 17, 2014
Four security vulnerabilities discovered in the Microsoft Office suite, including Excel and Office online, could be potentially abused by bad actors to deliver attack code via Word and Excel documents.

"Rooted from legacy code, the vulnerabilities could have granted an attacker the ability to execute code on targets via malicious Office documents, such as Word, Excel and Outlook," researchers from Check Point research said in a report published today.

Three of the four flaws — tracked as CVE-2021-31174, CVE-2021-31178, CVE-2021-31179 — have been fixed by Microsoft as part of its Patch Tuesday update for May 2021, with the fourth patch (CVE-2021-31939) to be issued in June's update rolling out later today.