CVE-2023-33161 Microsoft CVE debrief

Who should care

Organizations running Microsoft 365 Apps for Enterprise or Office 2019/2021 on macOS, particularly those with users who regularly handle Excel documents from external sources. Security teams responsible for endpoint protection, patch management, and Office application hardening should prioritize this vulnerability.

Technical summary

CVE-2023-33161 is a remote code execution vulnerability in Microsoft Excel with a CVSS 3.1 score of 7.8 (HIGH). The attack requires local access and user interaction, typically through opening a maliciously crafted Excel file. Successful exploitation could result in complete system compromise with high impact to confidentiality, integrity, and availability. Microsoft has classified the underlying weakness as CWE-415 (Double Free). Affected products include Microsoft 365 Apps for Enterprise (both x64 and x86 architectures) and Microsoft Office 2019 and 2021 for macOS. Microsoft has released security updates to address this vulnerability. No active exploitation in ransomware campaigns has been confirmed, and the vulnerability is not currently listed in CISA's KEV catalog.

Defensive priority

high

Recommended defensive actions

• Apply Microsoft security updates for Microsoft 365 Apps and Office for Mac as detailed in the vendor advisory
• Restrict execution of Office documents from untrusted sources via application control policies
• Enable Protected View for documents originating from the Internet
• Monitor for anomalous Excel process behavior and unexpected child processes
• Review and apply Microsoft's security configuration guidance for Office applications

Evidence notes

CVE published 2023-07-11; modified 2026-05-19. CVSS 7.8 HIGH. Affects Microsoft 365 Apps Enterprise x64/x86, Office 2019/2021 for macOS. Microsoft patch and advisory available. Not in KEV.

Official resources