The Pakistan Telecommunication Authority (PTA) has released a high-priority Cyber Security Advisory warning users and organizations about multiple severe vulnerabilities discovered in widely used Microsoft products. These vulnerabilities affect Microsoft 365 Apps for Enterprise, Microsoft Office 2019, Office LTSC 2021 and 2024, as well as various versions of Microsoft SharePoint Server.
These flaws, if not immediately addressed, could allow hackers to execute arbitrary code, escalate privileges, and compromise entire systems. The advisory underscores the urgent need for prompt updates and security patches to prevent exploitation.
Vulnerabilities Identified
The advisory highlights three specific security flaws affecting key components of Microsoft Office:
- Microsoft Visio (CVE-2024-43505): This vulnerability allows remote code execution when a specially crafted Visio file is opened. A successful exploit could grant the attacker full control over the system.
- Microsoft Excel (CVE-2024-43504): A use-after-free vulnerability in Excel could enable attackers to run malicious code through manipulated files, potentially compromising sensitive data or critical operations.
- Microsoft SharePoint (CVE-2024-43503): This flaw allows authenticated users to escalate their privileges using specially crafted requests, increasing the risk of unauthorized system access and control.
Security Risks and Impact
The PTA has labeled these vulnerabilities as high in severity. These are not just theoretical risks—they can be exploited to gain control over affected devices, install malware, steal sensitive information, or conduct surveillance. Systems that are unpatched or running outdated versions of Microsoft software are particularly vulnerable.
In enterprise environments, where these Microsoft products are used extensively, an attack could result in large-scale data breaches, disruption of business continuity, or even compromise of national security interests in government or defense-related systems.
Urgent Recommendations by PTA
To mitigate the risk, the PTA has strongly urged all users, system administrators, and IT teams to take immediate action. The first and most crucial step is to install the latest security updates from Microsoft. Users are advised to consult the Microsoft Security Update Guide to identify and apply the relevant patches.
In addition to patching, organizations should conduct comprehensive audits of their IT infrastructure to identify systems running vulnerable software. Strengthening cybersecurity protocols, especially those related to user permissions, access control, and file processing, is essential.
System administrators should also educate employees about the dangers of opening suspicious files and improve email and network security filters to detect potentially malicious documents before they can cause harm.
Consequences of Delayed Action
PTA’s advisory stresses that delaying updates or ignoring these vulnerabilities could lead to targeted cyberattacks. In such cases, attackers could exploit these flaws to infiltrate networks, steal confidential information, or paralyze critical services. The cost of recovery from such attacks could be massive—not just financially, but also in terms of trust, reputation, and operational disruption.
With the increasing frequency and complexity of cyber threats, especially in sectors like finance, healthcare, telecommunications, and government, a timely response to known vulnerabilities is vital for national and organizational security.
A Wake-Up Call for Cybersecurity in Pakistan
This advisory serves as a strong reminder that cybersecurity is a shared responsibility. As digital adoption grows in Pakistan, so does the threat surface. The vulnerabilities in Microsoft Office products highlight the importance of maintaining up-to-date systems and proactively managing IT security.
Pakistan’s businesses and institutions must treat such alerts with the seriousness they deserve. Timely updates, continuous monitoring, and strict cybersecurity policies are no longer optional—they are essential for safeguarding digital infrastructure.
The PTA continues to monitor the cybersecurity landscape and is committed to providing timely guidance to protect Pakistan’s digital ecosystem. Users and organizations are encouraged to stay alert and take immediate action to shield themselves from evolving threats.