PT-2022-5518 · Microsoft · 365 Apps For Enterprise+5

Rocco Calvi +1 · Published 2022-11-08 · Updated 2026-05-19 · CVE-2022-41061

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Office (affected versions not specified)
Microsoft 365 Apps for Enterprise (affected versions not specified)
Microsoft SharePoint (affected versions not specified)
Microsoft Excel (affected versions not specified)
Microsoft Office Web Apps Server (affected versions not specified)
Microsoft Word (affected versions not specified)

Description

The issue exists due to insufficient input validation in Microsoft products. It allows a remote attacker to execute arbitrary code. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations

For Microsoft Office, consider disabling features that allow remote code execution until a patch is available.
For Microsoft 365 Apps for Enterprise, restrict access to vulnerable components to minimize the risk of exploitation.
For Microsoft SharePoint, avoid using vulnerable modules until the issue is resolved.
For Microsoft Excel, consider temporarily disabling the execution of arbitrary code.
For Microsoft Office Web Apps Server, restrict access to vulnerable API endpoints.
For Microsoft Word, consider disabling the ability to execute remote code until a patch is available.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2022-06847
CVE-2022-41061

Affected Products

365 Apps For Enterprise
Office Excel
Office
Office Web Apps Server
Sharepoint Server
Office Word