PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-30104 Microsoft CVE debrief

A remote code execution vulnerability in Microsoft Office allows an attacker to execute arbitrary code when a user opens a maliciously crafted file. Exploitation requires user interaction, and the attack vector is local. Microsoft has released patches addressing this issue across multiple Office versions, including Microsoft 365 Apps for Enterprise, Office 2016, Office 2019, and Office LTSC 2021, for both x64 and x86 architectures. The vulnerability is classified under CWE-59 (Improper Link Resolution Before File Access).

Vendor: Microsoft
Product: Microsoft Office 2019
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-06-11
Original CVE updated: 2026-05-19
Advisory published: 2024-06-11
Advisory updated: 2026-05-19

Who should care

Organizations running Microsoft Office 2016, 2019, 2021, or Microsoft 365 Apps for Enterprise on Windows endpoints. Security teams responsible for endpoint protection and patch management. Users who regularly receive and open Office documents from external sources.

Technical summary

This vulnerability in Microsoft Office permits remote code execution through improper link resolution before file access (CWE-59). The attack requires local access and user interaction—typically achieved by convincing a victim to open a malicious Office document. Successful exploitation grants the attacker high-impact capabilities: complete compromise of confidentiality, integrity, and availability on the affected system. The vulnerability affects multiple Office deployment channels including perpetual license versions (2016, 2019, 2021 LTSC) and subscription-based Microsoft 365 Apps for Enterprise across both processor architectures. Microsoft's security update addresses the improper link resolution behavior to prevent exploitation.

Defensive priority

HIGH

Recommended defensive actions

  • Apply Microsoft security updates released June 11, 2024, for all affected Office installations
  • Enable automatic updates for Microsoft Office to ensure timely patch deployment
  • Implement application control policies to restrict execution of untrusted Office documents
  • Train users to avoid opening Office files from untrusted sources
  • Consider Microsoft Defender for Office 365 for additional protection against malicious attachments

Evidence notes

The CVSS 3.1 score of 7.8 (HIGH) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H indicates a local attack vector that requires user interaction but results in complete confidentiality, integrity, and availability impact. CPE criteria confirm the affected products: Microsoft 365 Apps for Enterprise, Office 2016, Office 2019, and Office LTSC 2021. Weakness enumeration identifies CWE-59 as the underlying vulnerability class.

Official resources

Microsoft disclosed this vulnerability on June 11, 2024, as part of its monthly security update cycle. The CVE record was subsequently modified on May 19, 2026, reflecting ongoing maintenance of the vulnerability entry in official records.