<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Cve-2026-32190 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/cve-2026-32190/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 03 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/cve-2026-32190/feed.xml" rel="self" type="application/rss+xml"/><item><title>Microsoft Office Use-After-Free Vulnerability CVE-2026-32190</title><link>https://feed.craftedsignal.io/briefs/2024-01-office-uaf/</link><pubDate>Wed, 03 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-office-uaf/</guid><description>CVE-2026-32190 is a use-after-free vulnerability in Microsoft Office that allows an unauthorized attacker to execute code locally.</description><content:encoded><![CDATA[<p>CVE-2026-32190 is a critical use-after-free vulnerability affecting Microsoft Office. This vulnerability allows an attacker with local access to execute arbitrary code on a vulnerable system. The vulnerability arises from improper memory management within the Office suite, potentially impacting various applications like Word, Excel, and PowerPoint. Successful exploitation could lead to complete system compromise, including data theft, modification, or destruction. Microsoft has assigned a CVSS v3.1 score of 8.4, highlighting the high potential impact. Defenders should prioritize patching this vulnerability to prevent potential exploitation. The specific versions of Microsoft Office affected are not detailed in the source, but the CVE was published on 2026-04-14.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>The attacker gains initial access to the target system, potentially through social engineering or physical access.</li>
<li>The attacker crafts a malicious Office document (e.g., Word, Excel, PowerPoint) specifically designed to trigger the use-after-free vulnerability. This involves manipulating the document's internal structure to cause memory corruption.</li>
<li>The attacker convinces the victim to open the malicious Office document. This could be achieved via email, shared network drives, or other means.</li>
<li>When the victim's Office application processes the malicious document, the use-after-free vulnerability is triggered.</li>
<li>The application attempts to access a memory location that has already been freed, leading to a crash or unexpected behavior.</li>
<li>The attacker leverages this memory corruption to inject and execute arbitrary code within the context of the Office application.</li>
<li>The attacker's code gains control of the system and can perform malicious actions such as installing malware, stealing data, or creating new user accounts.</li>
<li>The attacker achieves their objective, such as data exfiltration, ransomware deployment, or lateral movement within the network.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-32190 can lead to complete system compromise. An attacker can gain full control over the affected machine, potentially leading to data theft, data corruption, or malware installation. Given the widespread use of Microsoft Office, this vulnerability poses a significant risk to both individuals and organizations. The lack of details on the number of victims or sectors targeted in the source emphasizes the need for proactive patching and detection measures.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Apply the security update released by Microsoft to patch CVE-2026-32190 immediately after release (reference: <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32190)">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32190)</a>.</li>
<li>Deploy the Sigma rules provided below to your SIEM to detect potential exploitation attempts.</li>
<li>Enable process creation logging on endpoints to provide the necessary data for the Sigma rules to function.</li>
<li>Monitor for suspicious process execution originating from Microsoft Office applications.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>use-after-free</category><category>microsoft-office</category><category>code-execution</category><category>cve-2026-32190</category></item></channel></rss>