Microsoft has published guidance for a newly discovered zero-day security flaw in its Office productivity suite that could be exploited to achieve code execution on affected systems. The weakness, now assigned the identifier CVE-2022-30190, is rated 7.8 for severity on the CVSS vulnerability scoring system. Microsoft Office versions Office 2013, Office 2016, Office 2019, and Office 2021, as well as Professional Plus editions, are impacted. An attacker who successfully exploits this vulnerability can run arbitrary code. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.

More information on vulnerability and workarounds is available in Microsoft guidance – microsoft.com.