This security bulletin contains one low risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to way Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View. A local user can run a specially crafted file and escalate privileges to SYSTEM level.Mitigation
Install updates from vendor's website.Vulnerable software versions
Microsoft Office: 365 ProPlus - 2019
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?