CVE-2021-43875 Microsoft CVE debrief

Who should care

Organizations running Microsoft Office 2019, Microsoft 365 Apps for Enterprise, or Office LTSC 2021 on Windows or macOS endpoints. Security teams responsible for endpoint patch management and vulnerability remediation programs. IT administrators managing Office deployments in enterprise environments.

Technical summary

CVE-2021-43875 is a remote code execution vulnerability in Microsoft Office Graphics components. The vulnerability requires user interaction to trigger, typically through opening a maliciously crafted Office document. Successful exploitation could allow an attacker to execute arbitrary code in the context of the current user. The attack complexity is low, and the vulnerability impacts confidentiality, integrity, and availability (all rated HIGH). The affected attack surface spans multiple Office deployment channels including Microsoft 365 Apps for Enterprise, Office 2019, and Office Long Term Servicing Channel 2021 across Windows (x64/x86) and macOS platforms. Microsoft has issued security updates to remediate this vulnerability.

Defensive priority

HIGH

Recommended defensive actions

• Apply Microsoft security updates for CVE-2021-43875 to all affected Office installations
• Prioritize patching for systems running Microsoft 365 Apps for Enterprise, Office 2019, and Office LTSC 2021
• Verify patch deployment across both Windows (x64/x86) and macOS platforms
• Monitor Microsoft Security Response Center (MSRC) guidance for any additional mitigation measures
• Review endpoint detection and response (EDR) coverage for Office-related process execution anomalies

Evidence notes

CVE published 2021-12-15 per NVD and Microsoft security guidance. CVSS vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H from NVD. Affected products confirmed via NVD CPE criteria: Microsoft 365 Apps Enterprise, Office 2019, Office LTSC 2021 across x64, x86, and macOS platforms. Not in KEV per supplied enrichment data.

Official resources