CVE-2024-38226

Warning

EPSS 3.75%
Published 10.09.2024 17:15:25
Last modified 12.09.2024 01:00:01
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft Publisher Security Feature Bypass Vulnerability

Affected products Warnungen 1 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Office Version2019 HwPlatformx64

Microsoft ≫ Office Version2019 HwPlatformx86

Microsoft ≫ Office Version2021 SwEditionltsc HwPlatformx64

Microsoft ≫ Office Version2021 SwEditionltsc HwPlatformx86

Microsoft ≫ Publisher Version2016 HwPlatformx64

Microsoft ≫ Publisher Version2016 HwPlatformx86

10.09.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Publisher Protection Mechanism Failure Vulnerability

Vulnerability

Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.75%	0.876

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secure@microsoft.com	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-38226

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38226

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38226

EUVD