⚠ Actively exploited
Added to CISA KEV on 2024-09-10. Federal agencies required to patch by 2024-10-01. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2024-38226Protection Mechanism Failure in Microsoft Office 2019

CWE-693Protection Mechanism Failure8 documents7 sources
Severity
7.3HIGHNVD
EPSS
1.4%
top 19.30%
CISA KEV
KEV
Added 2024-09-10
Due 2024-10-01
Exploit
Exploited in wild
Active exploitation observed
Affected products
5
Microsoft Office 2019Microsoft Office Ltsc 2021Microsoft Publisher 2016+2 more
Timeline
PublishedSep 10
KEV addedSep 10
KEV dueOct 1
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Microsoft Publisher Security Feature Bypass Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages5 packages

CVEListV5microsoft/microsoft_publisher_201616.0.016.0.5465.1001
CVEListV5microsoft/microsoft_office_201919.0.0https://aka.ms/OfficeSecurityReleases
CVEListV5microsoft/microsoft_office_ltsc_202116.0.1https://aka.ms/OfficeSecurityReleases

Patches

Patch: msrc.microsoft.com

🔴Vulnerability Details

3
CVEList
Microsoft Publisher Security Feature Bypass Vulnerability2024-09-10
GHSA
GHSA-rf2v-qj9w-x393: Microsoft Publisher Security Feature Bypass Vulnerability2024-09-10
VulnCheck
Microsoft Publisher Protection Mechanism Failure Vulnerability2024

📋Vendor Advisories

2
CISA
Microsoft Publisher Protection Mechanism Failure Vulnerability2024-09-10
Microsoft
Microsoft Publisher Security Feature Bypass Vulnerability2024-09-10

🕵️Threat Intelligence

2
Talos
Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score2024-09-10
Talos
Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score2024-09-10
CVE-2024-38226 — Protection Mechanism Failure | cvebase