ADV240001: Microsoft SharePoint Server Defense in Depth Update

CVE-2024-49048: TorchGeo Remote Code Execution Vulnerability

CVE-2024-49030: Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-49029: Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-49032: Microsoft Office Graphics Remote Code Execution Vulnerability

**Is this advisory related to the vulnerability that is documented by CVE-2023-36884 that was issued in July 2023?**

Yes, this defense in depth update is not a vulnerability, but installing this update stops the attack chain leading to the Windows Search security feature bypass vulnerability (CVE-2023-36884). Microsoft recommends installing the Office updates discussed in this advisory as well as installing the Windows updates from August 2023.

Headline

ADV230003: Microsoft Office Defense in Depth Update

Microsoft Security Response Center: Latest News