Advisory 69: Microsoft Publisher Security Feature Bypass Vulnerability
Release Date: 14th of September 2024
Impact: HIGH / CRITICAL
TLP Rating: Clear
CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provide the following advisory.
What is it?
The Microsoft Publisher Security Feature Bypass Vulnerability refers to a weakness in Microsoft Publisher that allows attackers to bypass certain security features, potentially leading to malicious code execution or other harmful actions.
What are the systems affected?
- Microsoft Office 2019 – 32-bit System and x64-based Systems
- Microsoft Office LTSC 2021 - 32-bit System and x64-based Systems
- Microsoft Publisher 2026 - 32-bit System and x64-based Systems
What does this mean?
If the vulnerabilities are not addressed, a cyber threat actor could exploit some of them to take control of an affected system.
Mitigation process
CERTVU encourages users and administrators to review the references below and apply the necessary security updates.
References
- https://www.cisa.gov/news-events/alerts/2024/09/10/cisa-adds-four-known-exploited-vulnerabilities-catalog
- https://www.cve.org/CVERecord?id=CVE-2024-38226
- Download advisory (English): Microsoft Publisher Security Feature Bypass Vulnerability
- Download advisory (Bislama): Wiknes long saed blong Go raon long Sekuriti Aspek blong Microsoft Publisher
- Download advisory (French): vulnérabilité de contournement de la fonctionnalité de sécurité dans Microsoft Publisher