WPS Office Releases Critical Update - 20240819002

Overview

The WA SOC has been made aware of vulnerabilities within versions of WPS Office that allow attackers to load and execute arbitrary Windows libraries.

What is vulnerable?

Product(s) Affected	Version(s)	CVE	CVSS	Severity
WPS Office	\< 12.2.0.17153	CVE-2024-7262 CVE-2024-7263	9.3 9.3	Critical Critical

What has been observed?

Active exploitation in the wild has been detected. There is currently no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours... (refer Patch Management):

• WPS Office release notes: https://www.wps.com/whatsnew/pc/

Additional References

• CyberSecurity News article: https://securityonline.info/wps-office-vulnerabilities-expose-200-million-users-cve-2024-7262-exploited-in-the-wild/