The Pakistan Telecommunication Authority (PTA) has issued a critical cybersecurity advisory warning users and organizations across the country about severe vulnerabilities found in widely used Microsoft Office applications. Labeled as Cyber Security Advisory No. 368, the notice highlights the presence of multiple high-severity flaws that, if left unpatched, could be exploited to execute arbitrary code or elevate user privileges within affected systems.
Dated January 14, 2025, the advisory comes as a response to newly discovered vulnerabilities that affect several popular Microsoft Office suites and enterprise-level platforms. According to PTA, the vulnerabilities exist in Microsoft 365 Apps for Enterprise (version 16.0.1), Microsoft Office 2019 (19.0.0), Office LTSC 2021 and 2024 (versions 16.0.1 and 1.0.0), Microsoft SharePoint Server 2019, and SharePoint Enterprise Server 2016 (version 16.0.0).
The flaws are tracked under the CVE (Common Vulnerabilities and Exposures) system and include CVE-2024-43505 for Microsoft Visio, CVE-2024-43504 for Microsoft Excel, and CVE-2024-43503 for Microsoft SharePoint. Each presents a distinct threat vector that cybercriminals could exploit if it is left unaddressed.
The Microsoft Visio vulnerability is exploitable at the local level: attackers can execute arbitrary code by tricking users into opening specially crafted content. The Excel flaw is a use-after-free issue, an error related to memory handling, which can allow remote code execution, potentially compromising entire systems without physical access. Perhaps the most concerning of the three is the SharePoint vulnerability, which could enable authenticated users to escalate their privileges by sending maliciously crafted requests to the server, thereby gaining unauthorized access to restricted areas within an enterprise’s digital environment.
The PTA’s advisory underscores the seriousness of these flaws, especially for enterprises and public sector organizations that rely on Microsoft Office tools for daily operations. “These vulnerabilities present significant security risks, particularly for systems processing sensitive, classified, or confidential data,” the PTA warned. If exploited, such vulnerabilities could open the door to full system compromise, data theft, or broader network intrusions.
To mitigate the risk, the PTA has strongly recommended that all users and IT administrators immediately apply the latest security patches issued by Microsoft. The authority has directed users to consult the Microsoft Security Update Guide, which offers detailed instructions on how to locate and deploy relevant updates across various Microsoft Office products. Ensuring systems are current with the latest patches is described as the most effective line of defense against these active threats.
This advisory serves as a timely reminder of the constant and evolving threat landscape faced by both individual users and enterprise IT departments. It also reflects PTA’s ongoing role in safeguarding the national digital ecosystem by raising awareness of emerging cyber threats and providing actionable guidance for mitigation.
Organizations handling sensitive data, in particular, are urged to act without delay and take the necessary steps to harden their digital infrastructure against these newly reported Microsoft Office vulnerabilities.