Description
Microsoft Office Security Feature Bypass Vulnerability
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
Mitigations
Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability.
The following mitigating factors might be helpful in your situation:
Customers running Office 2021 and later will be automatically protected via a service-side change, but will be required to restart their Office applications for this to take effect.
Customers running Office 2016 and 2019 are not protected until they install the security update. Customers on these versions can apply the registry keys described as follows to be immediately protected.
Microsoft Office:
- To start blocking the control, add the following registry keys:
Caution: Follow these steps carefully. Serious problems may occur if you modify the registry incorrectly. Before you start we recommend that you have a known good backup of your registry. See this article for more information: https://support.microsoft.com/en-us/help/322756/how-to-back-up-and-restore-the-registry-in-windows
Exit all Microsoft Office applications. Start the Registry Editor by tapping Start (or pressing the Windows key on your keyboard), then typing regedit and pressing Enter. The keys below live under HKEY_LOCAL_MACHINE, so Registry Editor must be running with administrative rights to write them.
- Locate the proper registry subkey. It will be one of the following:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\ (for 64-bit MSI Office, or 32-bit MSI Office on 32-bit Windows)
or
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ (for 32-bit MSI Office on 64-bit Windows)
or
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility\ (for 64-bit Click2Run Office, or 32-bit Click2Run Office on 32-bit Windows)
or
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility\ (for 32-bit Click2Run Office on 64-bit Windows)
Note: The COM Compatibility node may not be present by default. If you don't see it, add it by right-clicking the Common node and choosing New > Key.
- Add a new subkey named {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B} by right-clicking the COM Compatibility node and choosing New > Key.
Within that new subkey, add one new value by right-clicking the new subkey and choosing New > DWORD (32-bit) Value.
A REG_DWORD value called Compatibility Flags with a hexadecimal value of 400 (decimal 1024).
Exit Registry Editor and start your Office application.
Example
For example, for 64-bit MSI Office 2016 on Windows you would locate this registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\
Note: Remember, if the COM Compatibility node doesn't exist yet you'll need to create it.
Then add a subkey with the name {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B}.
In this case, the resulting path is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility\{EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B}.
To that subkey you'll add a REG_DWORD value called Compatibility Flags with a hexadecimal value of 400 (decimal 1024).
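The registry procedure above and its worked example, carried out as one script. This is an added example, not code from the advisory or from Microsoft: it walks the four candidate locations the advisory lists, applies the block to every location whose parent Common key exists (using the presence of that key as the test for which Office flavours are installed is this example's own assumption, not something the advisory states), and then reads the value back to confirm it landed. The function names are the example's own. Run it from an elevated PowerShell prompt with all Office applications closed, then restart Office.

```powershell
# Added example (not from the advisory): block the CLSID named in the
# mitigation via the Office COM Compatibility key and verify the result.
# Requires an elevated prompt: every target lives under HKEY_LOCAL_MACHINE.

$Clsid       = '{EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B}'
$CompatFlags = 0x400   # hexadecimal 400 = decimal 1024, as in the advisory

# The four locations from the advisory, written as registry-provider paths.
$Candidates = @(
    'HKLM:\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility',                      # 64-bit MSI, or 32-bit MSI on 32-bit Windows
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility',          # 32-bit MSI on 64-bit Windows
    'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility',             # 64-bit C2R, or 32-bit C2R on 32-bit Windows
    'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility'  # 32-bit C2R on 64-bit Windows
)

function Get-ComCompatTargets {
    # Assumption of this example: an Office flavour is "installed" when the
    # parent ...\16.0\Common key exists. Returns the matching target paths.
    foreach ($path in $Candidates) {
        $commonKey = Split-Path -Path $path -Parent
        if (Test-Path -LiteralPath $commonKey) { $path }
    }
}

function Set-ComBlock {
    param([Parameter(Mandatory)][string]$CompatPath)
    # 'COM Compatibility' is often absent by default; create it if needed.
    if (-not (Test-Path -LiteralPath $CompatPath)) {
        New-Item -Path $CompatPath -Force | Out-Null
    }
    $clsidKey = Join-Path -Path $CompatPath -ChildPath $Clsid
    if (-not (Test-Path -LiteralPath $clsidKey)) {
        New-Item -Path $clsidKey -Force | Out-Null
    }
    # REG_DWORD 'Compatibility Flags' = 0x400; -Force overwrites any old value.
    New-ItemProperty -LiteralPath $clsidKey -Name 'Compatibility Flags' `
        -PropertyType DWord -Value $CompatFlags -Force | Out-Null
}

function Test-ComBlock {
    param([Parameter(Mandatory)][string]$CompatPath)
    # True when the value exists and the 0x400 bit is set.
    $clsidKey = Join-Path -Path $CompatPath -ChildPath $Clsid
    $props = Get-ItemProperty -LiteralPath $clsidKey -Name 'Compatibility Flags' `
        -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $false }
    return (($props.'Compatibility Flags' -band $CompatFlags) -eq $CompatFlags)
}

$targets = @(Get-ComCompatTargets)
if ($targets.Count -eq 0) {
    Write-Warning 'No Office 16.0 Common key found under HKLM; nothing applied.'
    return
}
foreach ($target in $targets) {
    Set-ComBlock -CompatPath $target
    $state = if (Test-ComBlock -CompatPath $target) { 'BLOCKED' } else { 'FAILED ' }
    Write-Output ('{0}  {1}\{2}' -f $state, $target, $Clsid)
}
```

Applying the key to a location whose Common key exists but whose Office flavour is not actually in use is harmless, which is why the script prefers over-application to guessing a single path; the printed lines show exactly which subkeys were written so the change can be reverted (delete the CLSID subkey) once the security update is installed.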
FAQ
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
An attacker must send a user a malicious Office file and convince them to open it.
Are the updates for Microsoft Office 2016 and 2019 currently available?
Yes. As of January 26, 2026, the security update for Microsoft Office 2016 and 2019 is available. Customers running Microsoft Office 2016 and 2019 should ensure the update is installed to be protected from this vulnerability.
How do I know what version of Office 2016 and 2019 I am running?
On January 26, 2026, Microsoft released build numbers for Office 2016 16.0.5539.1001 and Office 2019 16.0.10417.20095 to address this vulnerability.
To see what version you have installed:
- In a document click the File tab.
- Click Account in the left hand pane.
- Click About. The top line of the About dialog box will display the Build number.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
This update addresses a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls.
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
Updates
| Product | Article | Update |
|---|---|---|
| Microsoft Office 2016 (32-bit edition) | - | - |
| Microsoft Office 2016 (64-bit edition) | - | - |
| Microsoft Office 2019 for 32-bit editions | - | - |
| Microsoft Office 2019 for 64-bit editions | - | - |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | - | - |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | - | - |
| Microsoft Office LTSC 2021 for 64-bit editions | - | - |
| Microsoft Office LTSC 2021 for 32-bit editions | - | - |
| Microsoft Office LTSC 2024 for 32-bit editions | - | - |
| Microsoft Office LTSC 2024 for 64-bit editions | - | - |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
EPSS
CVSS3: 7.8 High
Related vulnerabilities
- Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
- Microsoft Office vulnerability related to reliance on untrusted inputs in a security decision, allowing an attacker to bypass existing security mechanisms.