Request a Demo
Rewterz
Snake Keylogger Malware – Active IOCs
January 16, 2025
Rewterz
FormBook Malware – Active IOCs
January 16, 2025

Multiple Microsoft Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-21402 CVSS:7.8

Microsoft Office OneNote Remote Code Execution Vulnerability

CVE-2025-21365 CVSS:7.8

Microsoft Office Remote Code Execution Vulnerability

CVE-2025-21346 CVSS:7.1

Microsoft Office Security Feature Bypass Vulnerability

CVE-2024-49065 CVSS:5.5

Microsoft Office could allow a local attacker to execute arbitrary code on the system. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-43600 CVSS:7.8

Microsoft Office could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to escalate privileges.

CVE-2025-21364 CVSS:7.8

Microsoft Excel Security Feature Bypass Vulnerability.

CVE-2025-21354 CVSS:7.8

Microsoft Excel Remote Code Execution Vulnerability.

CVE-2024-49069 CVSS:7.8

Microsoft Excel could allow a local attacker to execute arbitrary code on the system. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

  • Code Execution
  • Security Bypass
  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2025-21402

  • CVE-2025-21365

  • CVE-2025-21346

  • CVE-2024-49065

  • CVE-2024-43600

  • CVE-2025-21364

  • CVE-2025-21354

  • CVE-2024-49069

Affected Vendors

Microsoft

Affected Products

  • Microsoft 365 Apps for Enterprise - 16.0.1
  • Microsoft Office 2019 - 19.0.0
  • Microsoft Office LTSC 2021 - 16.0.1
  • Microsoft Office LTSC for Mac 2021 - 16.0.1
  • Microsoft SharePoint Enterprise Server 2016 - 16.0.0
  • Microsoft SharePoint Server 2019 - 16.0.0
  • Microsoft Microsoft Office LTSC 2024 - 1.0.0
  • Microsoft Office LTSC for Mac 2024 - 1.0.0
  • Microsoft Office LTSC 2024 - 1.0.0
  • Microsoft Excel 2016 - 16.0.0.0
  • Microsoft OneNote - 1.0.0
  • Microsoft Office Online Server - 1.0.0

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2025-21402

CVE-2025-21365

CVE-2025-21346

CVE-2024-49065

CVE-2024-43600

CVE-2025-21364

CVE-2025-21354

CVE-2024-49069