CVE-2024-20673: 
vulnerability analysis and mitigation

Microsoft Office Remote Code Execution Vulnerability (CVE-2024-20673) was disclosed on February 13, 2024. This vulnerability affects multiple Microsoft Office 2016 products including Excel, PowerPoint, Publisher, Skype for Business, Visio, Word, and Office Click-to-Run editions (Microsoft Support).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and user interaction, but can result in high impacts to confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute remote code on the affected system, potentially gaining the same level of access rights as the logged-in user (Rapid7).

Microsoft has released security updates to address this vulnerability. The patches are available through Microsoft Update, Microsoft Update Catalog, and the Microsoft Download Center. For Office 2016, users should install security update KB5002537 and related patches depending on their specific Office applications (Microsoft Support).