PTA warns users against Microsoft Office due to security risks

• PTA warns users of high-severity vulnerabilities in Microsoft products.
• Vulnerabilities target specific components of Microsoft Office products: Visio (CVE-2024-43505).
• Ignoring these recommendations could leave systems vulnerable to targeted cyberattacks

The Pakistan Telecommunication Authority (PTA) has issued a Cyber Security Advisory, warning users about multiple high-severity vulnerabilities in popular Microsoft products. These include Microsoft 365 Apps for Enterprise, Microsoft Office 2019, Office LTSC 2021 and 2024, as well as several versions of Microsoft SharePoint Server.

Attackers can exploit these security flaws to execute arbitr code or escalate user privileges, posing serious threats to users and organizations that rely on these services.

According to the advisory, the vulnerabilities target specific components of Microsoft Office products: Visio (CVE-2024-43505), Excel (CVE-2024-43504), and SharePoint (CVE-2024-43503). In Visio, attackers can execute arbitr code by processing specially crafted content. Excel’s use-after-free vulnerability enables code execution through maliciously designed files. SharePoint allows authenticated attackers to escalate privileges by sending specially crafted requests.

The PTA classified these vulnerabilities as high severity and emphasized the significant security risks of delaying patches or system updates. These flaws allow local attackers to exploit systems lacking proper protection, potentially compromising sensitive data or granting unauthorized access across networks and platforms.

The advisory strongly urges users and organizations to regularly update all Microsoft products to reduce security risks. The PTA specifically recommends consulting the Microsoft Security Update Guide to apply relevant patches and ensure all software remains up to date with the latest security enhancements, especially in environments that heavily rely on enterprise applications.

The advisory further warned that ignoring these recommendations could leave systems vulnerable to targeted cyberattacks. It urged system administrators and IT departments to review their current security protocols and promptly apply the necess patches to prevent exploitation of these vulnerabilities.