PatchSiren

CVE-2024-30101 Microsoft CVE debrief

CVE-2024-30101 is a remote code execution vulnerability in Microsoft Office, published by NVD on 2024-06-11 and last modified on 2026-05-19. The vulnerability carries a CVSS 3.1 score of 7.5 (HIGH) with the vector AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating network attack vector, high attack complexity, no privileges required, user interaction required, and high impacts to confidentiality, integrity, and availability. The root cause is CWE-416 (Use After Free). Affected products include Microsoft 365 Apps for Enterprise (x64 and x86), Office 2016, Office 2019, and Office LTSC 2021 (both x64 and x86 architectures). Microsoft has released patches and vendor guidance. This vulnerability is not listed in CISA KEV and has no known ransomware campaign association.

Vendor: Microsoft
Product: Microsoft 365 Apps for Enterprise
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-06-11
Original CVE updated: 2026-05-19
Advisory published: 2024-06-11
Advisory updated: 2026-05-19

Who should care

Organizations running Microsoft Office 2016, 2019, 2021, or Microsoft 365 Apps for Enterprise; security teams responsible for endpoint protection and patch management; defenders monitoring for memory corruption exploitation in productivity suites

Technical summary

CVE-2024-30101 is a Use After Free (CWE-416) vulnerability in Microsoft Office that enables remote code execution. The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) reflects a network-exploitable flaw requiring user interaction and high attack complexity, with severe impacts across the CIA triad. Affected platforms span multiple Office generations: Microsoft 365 Apps for Enterprise (x64/x86), Office 2016, Office 2019, and Office LTSC 2021 (x64/x86). Microsoft has issued patches. No CISA KEV listing or known ransomware use is documented.

Defensive priority

HIGH

Recommended defensive actions

  • Apply Microsoft security updates for affected Office versions as referenced in the vendor advisory
  • Prioritize patching systems running Microsoft 365 Apps for Enterprise, Office 2016, Office 2019, and Office LTSC 2021
  • Implement application control policies to restrict execution of untrusted Office documents
  • Enable Protected View or Application Guard for Office to reduce attack surface from malicious documents
  • Monitor for suspicious Office process behavior indicative of memory corruption exploitation
  • Review and update endpoint detection rules for CWE-416 (Use After Free) patterns in Office applications

Evidence notes

CVE published 2024-06-11 per NVD; modified 2026-05-19. CVSS 7.5 HIGH. CWE-416 Use After Free. Affected: Microsoft 365 Apps Enterprise, Office 2016/2019/LTSC 2021. Microsoft patch available. Not in KEV.
