PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-24461 Microsoft CVE debrief

A remote code execution vulnerability in Microsoft Office Visio allows an attacker to execute arbitrary code when a user opens a maliciously crafted Visio file. The attack vector is local and requires user interaction: the attacker must convince the target to open a specially crafted file. Successful exploitation has high impact on confidentiality, integrity, and availability. Microsoft has released security updates to address this vulnerability.

Vendor: Microsoft
Product: Microsoft Office 2019
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2022-03-09
Original CVE updated: 2026-05-19
Advisory published: 2022-03-09
Advisory updated: 2026-05-19

Who should care

Organizations using Microsoft Office Visio, particularly those with users who regularly receive external documents. Security teams responsible for endpoint protection and patch management. Industries with heavy Visio usage for diagramming and process documentation, including engineering, IT operations, and business analysis functions.

Technical summary

CVE-2022-24461 is a remote code execution vulnerability in Microsoft Office Visio. The flaw exists in how Visio parses specially crafted files. Exploitation requires user interaction—an attacker must convince a victim to open a malicious Visio document. Upon successful exploitation, the attacker gains code execution with the privileges of the opening user. The CVSS 3.1 score of 7.8 reflects high impacts to confidentiality, integrity, and availability, with a local attack vector and low attack complexity. Microsoft released security updates in March 2022 to remediate this vulnerability across affected Office product versions.

Defensive priority

High

Recommended defensive actions

  • Apply Microsoft security updates for affected Office/Visio installations per vendor guidance.
  • Restrict execution of untrusted Visio files (.vsd, .vsdx, .vst, .vstx) via application control policies.
  • Enable Microsoft Defender Attack Surface Reduction (ASR) rules to block Office apps from creating child processes.
  • Train users to avoid opening Visio files from untrusted sources or unexpected emails.
  • Monitor for suspicious child process spawning from VISIO.EXE.
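An added detection example for the last action above (example code, not PatchSiren's or Microsoft's): it scans constructed Sysmon Event ID 1 style process-creation records and flags child processes of VISIO.EXE, scoring known script interpreters and LOLBins as high and any other unexpected child for review. The expected-children allowlist is an assumption to tune per environment.

```python
"""Flag child processes spawned by VISIO.EXE in Sysmon-style process-creation events."""
from dataclasses import dataclass
from typing import Dict, List

# Interpreters and LOLBins a diagramming application has no business launching.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}
# Assumed benign children of Office apps (print spooler proxy, crash reporter); tune per estate.
EXPECTED_CHILDREN = {"splwow64.exe", "werfault.exe"}


@dataclass
class Finding:
    severity: str      # "high" for a known-bad child, "review" for anything unexpected
    parent: str
    child: str
    command_line: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, tolerant of forward slashes."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def flag_visio_children(events: List[Dict[str, str]]) -> List[Finding]:
    """events: Sysmon Event ID 1 records with ParentImage, Image and CommandLine fields."""
    findings = []
    for ev in events:
        if basename(ev.get("ParentImage", "")) != "visio.exe":
            continue                       # only children of Visio are in scope here
        child = basename(ev.get("Image", ""))
        if child in EXPECTED_CHILDREN:
            continue                       # routine Office child, no alert
        severity = "high" if child in SUSPICIOUS_CHILDREN else "review"
        findings.append(Finding(severity, ev["ParentImage"], ev["Image"], ev.get("CommandLine", "")))
    return findings


# Constructed sample telemetry (not real events).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\VISIO.EXE",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\VISIO.EXE",
     "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe 12288"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\VISIO.EXE",
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for f in flag_visio_children(SAMPLE_EVENTS):
        print(f"[{f.severity}] {basename(f.parent)} -> {basename(f.child)}: {f.command_line}")
```

The EXCEL.EXE record is included to show that the check is scoped to Visio; an estate-wide rule would match any Office parent instead.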

Evidence notes

CVE published 2022-03-09; NVD record last modified 2026-05-19. CVSS 3.1 vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Affected products per NVD CPE: Microsoft 365 Apps for Enterprise, Office 2019, and Office LTSC 2021.

Official resources

2022-03-09