CVE-2025-24078
📋 TL;DR
A use-after-free vulnerability in Microsoft Office Word allows attackers to execute arbitrary code on affected systems by tricking users into opening malicious documents. This affects users running vulnerable versions of Microsoft Word on Windows systems. Successful exploitation requires user interaction to open a specially crafted document.
💻 Affected Systems
- Microsoft Office Word
📦 What is this software?
365 Apps by Microsoft
Office by Microsoft
Office Long Term Servicing Channel by Microsoft
Word by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the victim's computer, enabling data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local code execution with the privileges of the current user, potentially leading to credential theft, data exfiltration, or installation of persistent malware.
If Mitigated
Limited impact due to application sandboxing, antivirus detection, or user account restrictions preventing privilege escalation.
🎯 Exploit Status
Exploitation requires social engineering to deliver a malicious document. No public exploits were known as of the analysis date.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Latest security update from Microsoft (specific version in advisory)
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24078
Restart Required: No
Instructions:
1. Open Microsoft Word.
2. Go to File > Account > Update Options > Update Now.
3. Install all available updates.
4. Alternatively, use Windows Update to receive Office updates.
🔧 Temporary Workarounds
Disable macros and ActiveX
Prevents execution of potentially malicious embedded content in Word documents
Use Protected View
Forces documents from untrusted sources to open in read-only Protected View mode
🧯 If You Can't Patch
- Restrict Word document execution via application control policies
- Implement email filtering to block suspicious Word attachments
🔍 How to Verify
Check if Vulnerable:
Compare the installed Word version against the patched versions listed in the Microsoft Security Update Guide
Check Version:
In Word: File > Account > About Word
Verify Fix Applied:
Confirm via File > Account > About Word that the installed build is at or above the patched version listed in the advisory
📡 Detection & Monitoring
Log Indicators:
- Word crash logs with memory access violations
- Unexpected child processes spawned from WINWORD.EXE
Network Indicators:
- Unusual outbound connections following Word document opening
SIEM Query:
Process creation where parent_process contains 'WINWORD.EXE' AND (process_name contains 'powershell' OR process_name contains 'cmd')
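The query above is vendor-neutral pseudo-syntax. As an added example (not code from this advisory page or from Microsoft), the Python below applies the same rule to process-creation telemetry: it parses Sysmon Event ID 1 records in their standard Windows event XML layout, extracts `Image` and `ParentImage`, and flags any record where WINWORD.EXE is the parent of a shell. The sample records are constructed for this example; `pwsh.exe` (PowerShell 7) is an added assumption beyond the page's `powershell`/`cmd` list, and the match is on the exact image basename rather than a substring so that names such as `cmdkey.exe` do not trigger it.

```python
"""Flag shells spawned by WINWORD.EXE in Sysmon Event ID 1 (process creation) records."""
import ntpath
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Default namespace used by Windows event XML (and therefore by Sysmon records).
NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

OFFICE_PARENT = "winword.exe"
# Child images the page's SIEM query targets; pwsh.exe is an added assumption.
SUSPICIOUS_CHILDREN = frozenset({"powershell.exe", "pwsh.exe", "cmd.exe"})


def _sysmon_event(utc, image, cmdline, parent_image, parent_cmdline):
    """Build one constructed Sysmon-style Event ID 1 record (sample data, not real telemetry)."""
    return (
        f'<Event xmlns="{NS[1:-1]}">'
        "<System><EventID>1</EventID><Computer>WS-01.example.local</Computer></System>"
        "<EventData>"
        f'<Data Name="UtcTime">{escape(utc)}</Data>'
        f'<Data Name="Image">{escape(image)}</Data>'
        f'<Data Name="CommandLine">{escape(cmdline)}</Data>'
        f'<Data Name="ParentImage">{escape(parent_image)}</Data>'
        f'<Data Name="ParentCommandLine">{escape(parent_cmdline)}</Data>'
        "</EventData></Event>"
    )


WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
EXPLORER = r"C:\Windows\explorer.exe"
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CMD = r"C:\Windows\System32\cmd.exe"

# Constructed sample: a normal document open, one benign print helper, two shell
# launches from Word, one shell launch from cmd (not Word), and one corrupt record.
SAMPLE_EVENTS = [
    _sysmon_event("2025-03-11 14:02:07.115", WINWORD,
                  f'"{WINWORD}" /n "C:\\Users\\alice\\Downloads\\invoice.docx"',
                  EXPLORER, "C:\\Windows\\explorer.exe"),
    _sysmon_event("2025-03-11 14:02:09.402", r"C:\Windows\splwow64.exe",
                  "C:\\Windows\\splwow64.exe 12288", WINWORD, f'"{WINWORD}" /n'),
    _sysmon_event("2025-03-11 14:02:11.880", POWERSHELL,
                  "powershell.exe -NoProfile -WindowStyle Hidden", WINWORD, f'"{WINWORD}" /n'),
    _sysmon_event("2025-03-11 14:02:12.014", CMD, "cmd.exe /c whoami", WINWORD, f'"{WINWORD}" /n'),
    _sysmon_event("2025-03-11 14:05:30.500", POWERSHELL, "powershell.exe", CMD, "cmd.exe"),
    "<Event>",  # truncated record: must be skipped, not crash the pipeline
]


def parse_event(xml_text):
    """Return the EventData fields of one Sysmon Event ID 1 record as a dict, else None."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if root.findtext(f"{NS}System/{NS}EventID") != "1":
        return None
    return {d.get("Name"): (d.text or "") for d in root.iter(f"{NS}Data")}


def is_office_spawned_shell(fields):
    """True when the parent is WINWORD.EXE and the child is one of the listed shells."""
    parent = ntpath.basename(fields.get("ParentImage", "")).lower()
    child = ntpath.basename(fields.get("Image", "")).lower()
    return parent == OFFICE_PARENT and child in SUSPICIOUS_CHILDREN


def find_alerts(records):
    """Run the rule over raw XML records and return one alert dict per match."""
    alerts = []
    for raw in records:
        fields = parse_event(raw)
        if fields and is_office_spawned_shell(fields):
            alerts.append({
                "time": fields.get("UtcTime", ""),
                "parent": ntpath.basename(fields["ParentImage"]),
                "child": ntpath.basename(fields["Image"]).lower(),
                "command_line": fields.get("CommandLine", ""),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(f"{alert['time']} {alert['parent']} -> {alert['child']}: {alert['command_line']}")
```

Running the block on the sample prints two alerts (the PowerShell and cmd launches from Word); the `splwow64.exe` print helper and the cmd-spawned PowerShell are left alone. In production the same `find_alerts` can be fed records exported from the Sysmon operational log, and `SUSPICIOUS_CHILDREN` extended to whatever script hosts your environment treats as unexpected under Office.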