PatchSiren

CVE-2012-2539 Microsoft CVE debrief

CVE-2012-2539 is a Microsoft Word remote code execution vulnerability that CISA added to its Known Exploited Vulnerabilities catalog. Because it is listed as known exploited, defenders should treat it as a high-priority patching item and apply Microsoft’s updates per vendor instructions.

Vendor: Microsoft
Product: Word
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2022-03-28
Original CVE updated: 2022-03-28
Advisory published: 2022-03-28
Advisory updated: 2022-03-28

Who should care

Organizations that use Microsoft Word on managed endpoints, especially security teams, endpoint administrators, and vulnerability management teams responsible for timely patching.

Technical summary

The supplied sources identify this issue as a Microsoft Word remote code execution vulnerability and confirm its inclusion in CISA’s KEV catalog. The available record does not provide CVSS details or deeper technical mechanics, so the safest action is prompt remediation using vendor guidance.

Defensive priority

High. CISA’s KEV listing indicates known exploitation, and the catalog’s required action is to apply updates per vendor instructions.

Recommended defensive actions

  • Inventory systems with Microsoft Word installed.
  • Prioritize remediation of CVE-2012-2539 using Microsoft-provided updates.
  • Track the CISA KEV due date (2022-04-18) as a remediation deadline reference.
  • Confirm patch deployment and verify affected endpoints are updated.
  • Use internal monitoring to review for suspicious document-related activity and other signs of exploitation.

Evidence notes

CISA’s Known Exploited Vulnerabilities catalog lists CVE-2012-2539 as a Microsoft Word remote code execution vulnerability and directs organizations to apply updates per vendor instructions. The NVD record linked in the source metadata corroborates the CVE identifier and product naming.

Official resources

CISA KEV entry date: 2022-03-28. KEV due date: 2022-04-18. These dates come from the supplied timeline and source metadata.