Cyber Web Spider Blog – News

Critical Microsoft Office Vulnerabilities Let Attackers Execute Malicious Code


Posted on September 10, 2025 By CWS

Microsoft has released patches for two critical vulnerabilities in Microsoft Office that could allow attackers to execute malicious code on affected systems.

The issues, tracked as CVE-2025-54910 and CVE-2025-54906, were disclosed on September 9, 2025, and affect various versions of the popular productivity suite.

While Microsoft has assessed exploitation as “less likely” for both vulnerabilities at this time, their potential for remote code execution warrants immediate attention from users and administrators.

The vulnerabilities differ in their exploitation methods and severity, with one rated Critical and the other Important.

Critical Microsoft Office Vulnerabilities

The more severe of the two flaws, CVE-2025-54910, is a Critical-rated heap-based buffer overflow vulnerability.

This type of weakness, cataloged as CWE-122, can allow an unauthorized attacker to execute arbitrary code locally on a target machine. A particularly dangerous aspect of this vulnerability is that the Preview Pane in Microsoft Office serves as an attack vector.

This means an attacker could potentially trigger the exploit without any interaction from the user beyond them simply receiving and viewing a malicious file in an Explorer window.

Although the attack is executed locally, the term “remote” in the vulnerability’s title refers to the attacker’s location, highlighting that they do not need prior access to the victim’s machine.

The second vulnerability, CVE-2025-54906, is rated Important and stems from a use-after-free condition, tracked as CWE-416.

This flaw also allows remote code execution, but its exploitation vector differs significantly from the heap-based overflow. To exploit this vulnerability, an attacker must craft a malicious file and socially engineer the user into opening it.

Unlike the other flaw, the Preview Pane is not an attack vector for CVE-2025-54906, meaning the user must actively engage with the malicious content.

This requirement for user interaction is a key reason for its lower severity rating compared to the Preview Pane vulnerability.

Mitigations

Microsoft has released security updates to address these vulnerabilities for most affected software. The company advises customers to apply all updates offered for the software installed on their systems to ensure comprehensive protection.

It should be noted that security updates for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available but will be released shortly.

Microsoft will notify customers through a revision to the CVE information once these updates are ready. Given the serious nature of remote code execution flaws, users are strongly encouraged to install the patches as soon as possible to mitigate the risk of potential exploitation.
