The Pakistan Telecommunication Authority (PTA) has issued a high-priority Cybersecurity Advisory warning users and organizations across Pakistan about newly discovered critical vulnerabilities in Microsoft Office applications. These vulnerabilities affect several widely used Microsoft products, including Microsoft 365 Apps for Enterprise, Microsoft Office 2019, Office LTSC 2021 and 2024 editions, as well as various versions of Microsoft SharePoint Server.
The PTA’s advisory outlines that the identified security flaws pose significant threats if left unpatched, potentially allowing malicious actors to execute arbitrary code or escalate privileges on affected systems. These capabilities could lead to unauthorized access, data breaches, or widespread system compromise—especially in enterprise environments where Microsoft Office applications are integral to daily operations.
According to the advisory, the vulnerabilities target specific Microsoft Office components, notably Visio, Excel, and SharePoint, and have been registered with distinct CVE identifiers: CVE-2024-43505, CVE-2024-43504, and CVE-2024-43503, respectively. In Microsoft Visio, the vulnerability could enable arbitrary code execution when a user opens specially crafted content. The Excel vulnerability involves a “use-after-free” memory error, which may be triggered via malicious files and potentially allow attackers to execute code remotely. Meanwhile, the SharePoint flaw could let an authenticated attacker escalate privileges through specially designed requests, granting them elevated access rights within affected systems.
The PTA has categorized all of these vulnerabilities as “high-severity,” stressing that delays in addressing these issues could lead to serious security incidents. The potential for local attackers to exploit these flaws further increases the risk, particularly in systems lacking strong internal defenses or routine security hygiene practices.
The Authority has urged all organizations and individual users to take immediate corrective measures by updating their Microsoft software. The advisory highlights the importance of consulting the Microsoft Security Update Guide, which provides specific patches and instructions to mitigate each of the disclosed vulnerabilities. In high-usage environments, such as corporate networks and government systems where Microsoft applications are deployed at scale, patching becomes especially critical to prevent disruptions and safeguard sensitive data.
PTA also warned that ignoring these updates leaves systems exposed to targeted cyberattacks, which are becoming increasingly sophisticated and opportunistic. As part of the advisory, system administrators and IT security teams are advised to review their current system configurations, conduct a vulnerability assessment, and deploy all relevant security patches without delay.
This alert is the latest in PTA’s series of proactive measures aimed at improving the cybersecurity posture of Pakistan’s digital infrastructure. With Microsoft Office products serving as essential tools in business, education, and government sectors alike, the risks associated with these vulnerabilities have wide-reaching implications.
PTA’s advisory comes at a time when global cybersecurity threats are on the rise, especially those targeting commonly used productivity software. As attackers increasingly seek to exploit unpatched systems and known vulnerabilities, timely alerts such as these are critical in ensuring that organizations stay one step ahead of potential breaches.
For continued protection, the PTA advises all stakeholders to remain vigilant, adopt best security practices, and maintain updated software environments as part of their broader cyber risk mitigation strategies.
