[CIVN-2026-0031] Remote Code Execution Vulnerability in Microsoft Word

Published On: January 20, 2026



Remote Code Execution Vulnerability in Microsoft Word 


Indian – Computer Emergency Response Team (https://www.cert-in.org.in)




Severity Rating: HIGH


Software Affected


Microsoft Office LTSC for Mac 2024

Microsoft Office LTSC for Mac 2021

Microsoft 365 Apps for Enterprise for 64-bit Systems

Microsoft 365 Apps for Enterprise for 32-bit Systems

Overview


A vulnerability has been reported in Microsoft Word which could allow an unauthorized attacker to execute arbitrary code locally on the targeted system.

 

Target Audience

All end-user organizations and individuals managing Microsoft Word.


Risk Assessment

High risk of remote code execution and system compromise.


Impact Assessment

Potential for unauthorized access, data theft, or execution of malicious code.


Description


Microsoft Word (or MS Word) is a word processing program by Microsoft for creating, editing, formatting, and printing documents like letters, reports, and resumes, offering features such as spell check, tables, images, and collaboration tools, and is a core part of the Microsoft Office Suite.


This vulnerability exists due to an out-of-bounds read in Microsoft Word. A remote attacker could exploit this vulnerability by sending a malicious file and convincing a victim to open it.


Successful exploitation of this vulnerability could allow an unauthorized attacker to execute arbitrary code locally on the targeted system.


Solution


Apply appropriate security updates as mentioned in

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20944



Vendor Information


Microsoft

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20944


References


 

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20944


CVE Name

CVE-2026-20944






Thanks and Regards,

CERT-In


Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS


Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003
