PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-44696 Microsoft CVE debrief

CVE-2022-44696 is a high-severity remote code execution vulnerability in Microsoft Office Visio. Published by NVD on 2022-12-13 and last modified on 2026-05-19, this vulnerability allows an attacker to execute arbitrary code when a user opens a specially crafted Visio file. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates a local attack vector requiring user interaction, with high impact on confidentiality, integrity, and availability. The vulnerability affects multiple Microsoft Office deployments including Microsoft 365 Apps for Enterprise (x64 and x86), Office 2019 (x64 and x86), and Office LTSC 2021 (x64 and x86). Microsoft has addressed this vulnerability through their security update mechanism. Organizations should apply the available security updates from Microsoft to remediate this vulnerability.

Vendor: Microsoft
Product: Microsoft Office 2019
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2022-12-13
Original CVE updated: 2026-05-19
Advisory published: 2022-12-13
Advisory updated: 2026-05-19

Who should care

Organizations using Microsoft Office Visio should care, particularly those with engineering, architecture, and business process documentation roles where Visio files are frequently exchanged externally. Security teams responsible for endpoint protection and patch management should prioritize this vulnerability because of its high severity and the common use of Visio in collaborative workflows.

Technical summary

CVE-2022-44696 is a remote code execution vulnerability in Microsoft Office Visio that can be triggered when a user opens a maliciously crafted Visio file. The vulnerability requires user interaction and results in code execution with the privileges of the opening user. Affected products include Microsoft 365 Apps for Enterprise, Office 2019, and Office LTSC 2021 across both x64 and x86 architectures. The vulnerability was patched by Microsoft as part of their December 2022 security updates.

Defensive priority

high

Recommended defensive actions

  • Apply Microsoft security updates for affected Office and Visio installations
  • Prioritize patching systems where Visio files from external sources are regularly processed
  • Consider implementing Microsoft Defender Application Control or similar application whitelisting to restrict execution of untrusted Visio content
  • Enable Attack Surface Reduction (ASR) rules in Microsoft Defender for Endpoint where available to block Office child process creation
  • Train users to avoid opening Visio files from untrusted sources and to verify sender identity before opening unexpected attachments

Evidence notes

Vulnerability details sourced from NVD and Microsoft MSRC. CPE criteria confirm affected product versions. CVSS vector confirms local attack vector with user interaction requirement.

Official resources

This vulnerability was disclosed through Microsoft's Security Response Center and published in the NVD on 2022-12-13. The 2026-05-19 modification reflects routine NVD record updates rather than new vulnerability information.