CVE-2024-49059: 
vulnerability analysis and mitigation

Microsoft Office Elevation of Privilege Vulnerability (CVE-2024-49059) was disclosed on December 11, 2024. This vulnerability affects multiple Microsoft Office products including Microsoft 365 Apps Enterprise, Office 2016, Office 2019, and Office Long Term Servicing Channel 2021 and 2024 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.0 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is associated with two CWE classifications: CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization - 'Race Condition') and CWE-59 (Improper Link Resolution Before File Access - 'Link Following') (NVD).

This elevation of privilege vulnerability in Microsoft Office could allow an attacker to gain higher privileges on the affected system if successfully exploited (Microsoft Advisory).

Microsoft has released security updates to address this vulnerability. For Office 2016 installations, the update is available through Microsoft Update, Microsoft Update Catalog, and as standalone packages for both 32-bit and 64-bit versions. Users with automatic updates enabled will receive the fix automatically (Microsoft Support).