Microsoft Publisher Protection Mechanism Failure Vulnerability

Added Sept. 10, 2024 • Due Oct. 1, 2024 • CVE-2024-38226

Overdue Microsoft / Publisher CWE-693

Description

Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226
https://nvd.nist.gov/vuln/detail/CVE-2024-38226

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 6 months, 1 week ago