CVE-2025-60728
📋 TL;DR
This vulnerability in Microsoft Office Excel involves an untrusted pointer dereference that could allow an attacker to read sensitive memory contents. It affects users opening malicious Excel files, potentially exposing confidential information. The attack requires user interaction to open a specially crafted document.
💻 Affected Systems
- Microsoft Office Excel
📦 What is this software?
365 Apps by Microsoft
Office Long Term Servicing Channel by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
An attacker could read sensitive memory contents including passwords, encryption keys, or other confidential data from the Excel process memory space.
Likely Case
Limited information disclosure of random memory contents from the Excel process, potentially revealing fragments of previously opened documents or application data.
If Mitigated
With proper controls, the impact is minimal as it only allows reading memory contents rather than code execution, and requires user interaction.
🎯 Exploit Status
Exploitation requires crafting a malicious Excel file and convincing a user to open it. Once the file is opened, no further authentication or privilege is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: To be specified in Microsoft's security update
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60728
Restart Required: Yes
Instructions:
1. Open Excel and go to File > Account > Update Options > Update Now.
2. Install all available Office updates.
3. Restart Excel and verify that the update was installed.
🔧 Temporary Workarounds
Disable automatic opening of Excel files
Windows: Configure Excel to prompt before opening files from unknown sources
Set registry key: HKCU\Software\Microsoft\Office\16.0\Excel\Security\FileValidation to 3
Use Protected View
Windows: Force all Excel files from the internet to open in Protected View
Set registry key: HKCU\Software\Microsoft\Office\16.0\Excel\Security\ProtectedView to 2
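Before changing either key, it helps to know what the machine currently has under them. The following read-only audit script is an added example, not part of this advisory and not Microsoft's own tooling. It walks the two Excel security key paths named above (and the equivalent paths under HKCU\Software\Policies, where Group Policy writes the same settings) and flags the Protected View and file validation values that Office's Group Policy templates use to turn those protections off. The value names `DisableInternetFilesInPV`, `DisableAttachmentsInPV`, `DisableUnsafeLocationsInPV` and `EnableOnLoad` come from Office's policy settings, not from this page; the Office 16.0 registry layout is assumed.

```powershell
# Added example (not from the advisory): audit Excel Protected View and
# file validation settings for the current user. Read-only; changes nothing.
# Assumption: Office 16.0 registry layout (Office 2016 and later, Microsoft 365).
$bases = @(
    'HKCU:\Software\Microsoft\Office\16.0\Excel\Security',          # user preferences
    'HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security'  # Group Policy
)

# Value names taken from Office's Group Policy templates (assumption: not on the page).
# For the ProtectedView key, a DWORD of 1 disables Protected View for that source.
$pvDisableFlags = 'DisableInternetFilesInPV', 'DisableAttachmentsInPV', 'DisableUnsafeLocationsInPV'

function Get-RegValues {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return @() }
    # Drop the PS* metadata properties that Get-ItemProperty adds to every object
    (Get-ItemProperty -Path $Path).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' }
}

$findings = foreach ($base in $bases) {
    $pvPath = Join-Path $base 'ProtectedView'
    $fvPath = Join-Path $base 'FileValidation'

    foreach ($v in Get-RegValues $pvPath) {
        $weak = ($pvDisableFlags -contains $v.Name) -and ($v.Value -eq 1)
        [pscustomobject]@{ Key = $pvPath; Value = $v.Name; Data = $v.Value; Weak = $weak }
    }
    foreach ($v in Get-RegValues $fvPath) {
        # EnableOnLoad = 0 turns off Office File Validation for Excel
        $weak = ($v.Name -eq 'EnableOnLoad') -and ($v.Value -eq 0)
        [pscustomobject]@{ Key = $fvPath; Value = $v.Name; Data = $v.Value; Weak = $weak }
    }
}

if (-not $findings) {
    Write-Output 'No Protected View or FileValidation values set; Excel defaults apply (Protected View on).'
} else {
    $findings | Format-Table -AutoSize
    $findings | Where-Object Weak | ForEach-Object {
        Write-Warning ("Protection weakened: {0}\{1} = {2}" -f $_.Key, $_.Value, $_.Data)
    }
}
```

Run it in a normal (non-elevated) PowerShell session as the user whose Excel you are checking, since both hives are per-user. An empty result is the good case: with no values present, Excel applies its defaults, which keep Protected View on for internet, attachment and unsafe-location files.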
🧯 If You Can't Patch
- Implement application allow-listing to block unapproved Excel files from being opened
- Use email filtering to block Excel attachments from untrusted sources
🔍 How to Verify
Check if Vulnerable:
Check the Excel version via File > Account > About Excel and compare it with Microsoft's affected versions list
Check Version:
In Excel: File > Account > About Excel
Verify Fix Applied:
Verify that Office updates are installed via File > Account > Update Options > View Updates
📡 Detection & Monitoring
Log Indicators:
- Excel crash logs with memory access violations
- Windows Event Logs with Application Error events for EXCEL.EXE
Network Indicators:
- Unusual outbound connections after opening Excel files
- Large data transfers following Excel file access
SIEM Query:
EventID=1000 AND Source="Application Error" AND ProcessName="EXCEL.EXE" AND (FaultingModule LIKE "%excel%" OR ExceptionCode=0xc0000005)
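The SIEM query above can be run locally on a single endpoint against the Windows Application log. The script below is an added example written for this page, not tooling from the advisory or from Microsoft. It pulls Application Error (Event ID 1000) records for EXCEL.EXE over a chosen window and applies the same two conditions: faulting module name containing "excel", or exception code 0xc0000005 (access violation). The property positions used (faulting application at index 0, faulting module at 3, exception code at 6) are those of the standard Event 1000 record layout; treat them as an assumption and check one event with `Get-WinEvent ... | Select-Object -ExpandProperty Properties` if your build differs.

```powershell
# Added example (not from the advisory): local equivalent of the SIEM query
#   EventID=1000 AND Source="Application Error" AND ProcessName="EXCEL.EXE"
#   AND (FaultingModule LIKE "%excel%" OR ExceptionCode=0xc0000005)
param([int]$Days = 7)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-$Days)
}

# -ErrorAction SilentlyContinue: Get-WinEvent throws when no events match
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$hits = foreach ($e in $events) {
    $p = $e.Properties
    # Assumed Event 1000 layout: [0] faulting app, [3] faulting module, [6] exception code
    if ($p.Count -lt 7) { continue }
    $app    = [string]$p[0].Value
    $module = [string]$p[3].Value
    $code   = [string]$p[6].Value

    if ($app -notmatch '(?i)^EXCEL\.EXE$') { continue }
    if (($module -match '(?i)excel') -or ($code -eq '0xc0000005')) {
        [pscustomobject]@{
            Time          = $e.TimeCreated
            App           = $app
            Module        = $module
            ExceptionCode = $code
            RecordId      = $e.RecordId
        }
    }
}

if (-not $hits) {
    Write-Output ("No matching EXCEL.EXE crash events in the last {0} day(s)." -f $Days)
} else {
    $hits | Sort-Object Time | Format-Table -AutoSize
}
```

A single 0xc0000005 crash is not evidence of exploitation on its own; Excel crashes for many reasons. What matters for triage is correlation: a crash shortly after a file arrived by email or from the internet zone, repeated crashes on the same document, or a crash followed by the unusual outbound connections listed under Network Indicators.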