PTA Warns Against New Security Flaws Found in Microsoft Office Apps

ISLAMABAD: The Pakistan Telecommunication Authority (PTA) has issued a Cyber Security Advisory warning of multiple high-severity vulnerabilities in widely used Microsoft products, including Microsoft 365 Apps for Enterprise, Microsoft Office 2019, Office LTSC 2021 and 2024, and various versions of Microsoft SharePoint Server.

These security flaws, if exploited, can allow attackers to execute arbitrary code or escalate user privileges, posing serious threats to users and organizations relying on these services.

According to the advisory, the vulnerabilities affect specific components of Microsoft Office products: Visio (CVE-2024-43505), Excel (CVE-2024-43504), and SharePoint (CVE-2024-43503). In Visio, arbitrary code execution could occur when specially crafted content is processed. Excel has a use-after-free vulnerability that could enable code execution through maliciously designed files. SharePoint contains a flaw that allows authenticated attackers to escalate privileges via specially crafted requests.

The PTA classified these vulnerabilities as high in severity, emphasizing the significant security risks associated with delayed patching or system updates. The nature of the vulnerabilities allows local attackers to exploit systems if adequate protections are not in place, potentially compromising sensitive data or enabling unauthorized access across networks and platforms.

According to the advisory, users and organizations are strongly urged to regularly update all Microsoft products to mitigate the risks. The PTA specifically recommended referring to the Microsoft Security Update Guide to apply relevant patches and ensure all software is up to date with the latest security improvements, especially in environments where enterprise applications are extensively used.

Read more: Rohit Sharma Decides to Quit After Rumors of Getting Axed From Captaincy

The advisory further warned that failure to act on these recommendations could expose systems to targeted cyberattacks. System administrators and IT departments are advised to review their current security protocols and apply necessary patches without delay to avoid exploitation of these vulnerabilities.