{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/cpes/cpe2.3amicrosoftoffice_2021-ltsc-x86/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*","cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*","cpe:2.3:a:microsoft:microsoft_365:-:*:*:*:*:macos:*:*","cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x64:*","cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x86:*","cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x64:*","cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x86:*","cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:macos:-:*","cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x64:*","cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x86:*","cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:macos:-:*","cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*","cpe:2.3:a:microsoft:office_2016:-:*:*:*:-:*:x64:*","cpe:2.3:a:microsoft:office_2016:-:*:*:*:-:*:x86:*","cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*","cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*","cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-44803"},{"cvss":7,"id":"CVE-2026-44818"},{"cvss":7.8,"id":"CVE-2026-44819"},{"cvss":7.8,"id":"CVE-2026-45469"},{"cvss":7.8,"id":"CVE-2026-45475"}],"_cs_exploited":true,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Microsoft 365 Apps pour Enterprise pour systèmes 32 bits","Microsoft 365 Apps pour Enterprise pour systèmes 64 bits","Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5556.1001","Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5556.1001","Microsoft Excel pour Android","Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5556.1005","Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5556.1005","Microsoft Office 2019 pour éditions 32 bits","Microsoft Office 2019 pour éditions 64 bits","Microsoft Office 365 pour Mac","Microsoft Office LTSC 2021 pour éditions 32 bits","Microsoft Office LTSC 2021 pour éditions 64 bits","Microsoft Office LTSC 2024 pour éditions 32 bits","Microsoft Office LTSC 2024 pour éditions 64 bits","Microsoft Office LTSC pour Mac 2021","Microsoft Office LTSC pour Mac 2024","Microsoft Office pour Android","Microsoft PowerPoint pour Android","Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5556.1000","Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5556.1000","Microsoft Word pour Android","Office Online Server versions antérieures à 16.0.10417.20137"],"_cs_severities":["high"],"_cs_tags":["vulnerability","microsoft-office","remote-code-execution","privilege-escalation","data-confidentiality","windows","macos","android"],"_cs_type":"threat","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCERT-FR has released an advisory detailing 31 critical and high-severity vulnerabilities affecting numerous Microsoft Office products. These vulnerabilities, identified by CVEs such as CVE-2026-44803 (the first listed) and CVE-2026-47635 (the last listed), were disclosed by Microsoft on June 9, 2026. The flaws impact a wide range of Office applications, including Microsoft 365 Apps, various versions of Excel, Word, PowerPoint, and Office Online Server, across Windows, macOS, and Android platforms. Successful exploitation of these vulnerabilities could lead to arbitrary remote code execution, elevation of privileges on affected systems, and unauthorized access to sensitive data, posing a significant risk to organizational assets. While no specific threat actors or active exploitation campaigns are detailed in the advisory, these types of vulnerabilities are frequently targeted by advanced persistent threats and opportunistic attackers.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access\u003c/strong\u003e: A user receives and opens a specially crafted Microsoft Office document (e.g., Word, Excel, or PowerPoint file) delivered via a phishing email, malicious download, or other social engineering methods.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eExploitation\u003c/strong\u003e: The malicious document leverages one of the disclosed vulnerabilities (e.g., CVE-2026-44803) within the vulnerable Microsoft Office application upon opening or specific user interaction.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRemote Code Execution\u003c/strong\u003e: Successful exploitation results in remote code execution (RCE) within the context of the compromised Office application process, allowing the attacker to execute arbitrary commands.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePayload Delivery\u003c/strong\u003e: The executed code downloads and executes additional malicious payloads (e.g., malware droppers, backdoors, or command-and-control agents) from an external attacker-controlled server.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrivilege Escalation\u003c/strong\u003e: The attacker may then exploit another vulnerability (e.g., CVE-2026-44812) or leverage a misconfiguration to escalate privileges, gaining higher system access on the compromised host.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eObjective Achievement\u003c/strong\u003e: With elevated privileges and persistent access, the attacker can proceed with their objectives, which may include lateral movement across the network, exfiltration of sensitive data, further system compromise, or deployment of additional malicious software.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of these vulnerabilities could have severe consequences for affected organizations. Attackers could gain complete control over compromised systems, leading to extensive data breaches, operational disruption, and the deployment of ransomware or other destructive malware. While the advisory does not specify the number of victims or targeted sectors, the broad impact across common Microsoft Office products means that organizations of all sizes and industries are potentially at risk. The combination of remote code execution, privilege escalation, and data confidentiality compromise could lead to significant financial losses, reputational damage, and regulatory penalties.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-44803, CVE-2026-44812, CVE-2026-44817, CVE-2026-44818, CVE-2026-44819, CVE-2026-44820, CVE-2026-44821, CVE-2026-44822, CVE-2026-44823, CVE-2026-44824, CVE-2026-45455, CVE-2026-45456, CVE-2026-45457, CVE-2026-45458, CVE-2026-45459, CVE-2026-45460, CVE-2026-45461, CVE-2026-45463, CVE-2026-45466, CVE-2026-45469, CVE-2026-45471, CVE-2026-45472, CVE-2026-45474, CVE-2026-45475, CVE-2026-45485, CVE-2026-45486, CVE-2026-45643, CVE-2026-45645, CVE-2026-45649, CVE-2026-47293, and CVE-2026-47635 by applying the latest security updates from Microsoft for all affected Office products and versions immediately.\u003c/li\u003e\n\u003cli\u003eDeploy the \u0026quot;Detect Suspicious Child Process by Microsoft Office Application\u0026quot; Sigma rule to detect post-exploitation activity from Office applications.\u003c/li\u003e\n\u003cli\u003eDeploy the \u0026quot;Detect Outbound Network Connection from Microsoft Office Application\u0026quot; Sigma rule to monitor for unusual C2 communications.\u003c/li\u003e\n\u003cli\u003eEnsure Sysmon process creation (Event ID 1), network connection (Event ID 3), and file creation (Event ID 11) logging is enabled on all Windows endpoints to generate the necessary telemetry for the detection rules in this brief.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-14T09:15:49Z","date_published":"2026-06-14T09:15:49Z","id":"https://feed.craftedsignal.io/briefs/2026-06-microsoft-office-vulnerabilities/","summary":"CERT-FR has disclosed 31 vulnerabilities in various Microsoft Office products, including CVE-2026-44803 and CVE-2026-47635, which could allow remote code execution, privilege escalation, and data confidentiality compromise.","title":"Multiple Vulnerabilities in Microsoft Office Products (June 2026)","url":"https://feed.craftedsignal.io/briefs/2026-06-microsoft-office-vulnerabilities/"}],"language":"en","title":"CraftedSignal Threat Feed - Cpe:2.3:a:microsoft:office_2021:-:*:*:*:Ltsc:-:X86:*","version":"https://jsonfeed.org/version/1.1"}