What is the severity of CVE-2024-38226?

CVE-2024-38226 has a critical severity rating due to its potential to bypass security mechanisms in Microsoft Publisher.

How do I fix CVE-2024-38226?

To fix CVE-2024-38226, update Microsoft Publisher and Office to the latest security versions provided by Microsoft.

Which versions of Microsoft Publisher are affected by CVE-2024-38226?

CVE-2024-38226 affects Microsoft Publisher 2016, 2019, and 2021 across both 32-bit and 64-bit editions.

Can CVE-2024-38226 allow malicious macros to run?

Yes, CVE-2024-38226 can allow attackers to bypass Office macro policies, potentially enabling malicious macros to execute.

What type of vulnerability is CVE-2024-38226?

CVE-2024-38226 is classified as a security feature bypass vulnerability.

Vulnerability/
CVE-2024-38226

Exploited

high

7.3

CWE

693

10/9/2024

31/12/2024

CVE-2024-38226: Microsoft Publisher Protection Mechanism Failure Vulnerability

First published: Tue Sep 10 2024(Updated: )

Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Publisher
Microsoft Office	=2019
Microsoft Office	=2019
Microsoft Office	=2021
Microsoft Office	=2021
Microsoft Publisher	=2016
Microsoft Publisher	=2016
Microsoft Office 2019 for 64-bit editions		fix available externally
Microsoft Office 2019 for 32-bit editions		fix available externally
Microsoft Office LTSC 2021 for 64-bit editions		fix available externally
Microsoft Office LTSC 2021 for 32-bit editions		fix available externally
Microsoft Publisher		fix available externally
Microsoft Publisher		fix available externally

Remedy

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Remedy

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-38226?
CVE-2024-38226 has a critical severity rating due to its potential to bypass security mechanisms in Microsoft Publisher.
How do I fix CVE-2024-38226?
To fix CVE-2024-38226, update Microsoft Publisher and Office to the latest security versions provided by Microsoft.
Which versions of Microsoft Publisher are affected by CVE-2024-38226?
CVE-2024-38226 affects Microsoft Publisher 2016, 2019, and 2021 across both 32-bit and 64-bit editions.
Can CVE-2024-38226 allow malicious macros to run?
Yes, CVE-2024-38226 can allow attackers to bypass Office macro policies, potentially enabling malicious macros to execute.
What type of vulnerability is CVE-2024-38226?
CVE-2024-38226 is classified as a security feature bypass vulnerability.

agent/type
agent/weakness
agent/references
agent/first-publish-date
agent/author
agent/remedy
exploited/true
collector/cisa-known-exploited
source/CISA
agent/software-canonical-lookup
agent/description
collector/nvd-api
source/NVD
agent/title
collector/msrc-cve
source/Microsoft
agent/severity
collector/nvd-cve
agent/event
collector/msrc
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
agent/software-canonical-lookup-request
vendor/microsoft
canonical/microsoft publisher
canonical/microsoft office
version/microsoft office/2019
version/microsoft office/2021
version/microsoft publisher/2016
canonical/microsoft office 2019 for 64-bit editions
canonical/microsoft office 2019 for 32-bit editions
canonical/microsoft office ltsc 2021 for 64-bit editions
canonical/microsoft office ltsc 2021 for 32-bit editions

Frequently Asked Questions

What is the severity of CVE-2024-38226?
CVE-2024-38226 has a critical severity rating due to its potential to bypass security mechanisms in Microsoft Publisher.
How do I fix CVE-2024-38226?
To fix CVE-2024-38226, update Microsoft Publisher and Office to the latest security versions provided by Microsoft.
Which versions of Microsoft Publisher are affected by CVE-2024-38226?
CVE-2024-38226 affects Microsoft Publisher 2016, 2019, and 2021 across both 32-bit and 64-bit editions.
Can CVE-2024-38226 allow malicious macros to run?
Yes, CVE-2024-38226 can allow attackers to bypass Office macro policies, potentially enabling malicious macros to execute.
What type of vulnerability is CVE-2024-38226?
CVE-2024-38226 is classified as a security feature bypass vulnerability.

CVE-2024-38226: Microsoft Publisher Protection Mechanism Failure Vulnerability

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-38226?

How do I fix CVE-2024-38226?

Which versions of Microsoft Publisher are affected by CVE-2024-38226?

Can CVE-2024-38226 allow malicious macros to run?

What type of vulnerability is CVE-2024-38226?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-38226?

How do I fix CVE-2024-38226?

Which versions of Microsoft Publisher are affected by CVE-2024-38226?

Can CVE-2024-38226 allow malicious macros to run?

What type of vulnerability is CVE-2024-38226?