CVE-2025-29792: 
vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2025-29792) was discovered in Microsoft Office, disclosed on April 8, 2025. This security flaw affects various versions of Microsoft Office 2016, including Office Standard, Professional, Professional Plus, Home and Business, and Home and Student editions (Microsoft Support, NVD).

The vulnerability is classified as a use-after-free (CWE-416) issue in Microsoft Office. Microsoft has assigned it a CVSS v3.1 base score of 7.3 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. This indicates local access is required, with low attack complexity, low privileges required, and user interaction needed (NVD).

If successfully exploited, this vulnerability allows an authorized attacker to elevate privileges locally on the affected system, potentially gaining higher levels of access than intended (CVE).

Microsoft has released security update KB5002700 to address this vulnerability. The update is available through Microsoft Update, Microsoft Update Catalog, and Microsoft Download Center. However, users should note that there is a known issue where Microsoft Word, Excel, and Outlook might stop responding after installing KB5002700. This issue is fixed in the April 10, 2025 update (KB5002623). Users must install both updates to fully resolve the issues (Microsoft Support).