Use-After-Free RCE in Microsoft Office Preview Pane

Successful exploitation allows arbitrary code execution in the security context of the user running Microsoft Office or the component handling the previewed document. Because the flaw can be triggered through the Preview Pane, exploitation may require less user interaction than a normal malicious-document attack, increasing the likelihood of compromise through phishing or document delivery workflows. This can enable follow-on actions such as malware execution, data theft, persistence, or lateral movement depending on the privileges of the compromised user.

Until patches are fully deployed, reduce exposure by disabling or restricting use of the Office Preview Pane where operationally feasible, blocking or sandboxing untrusted Office documents received via email or web download, and using attachment filtering and detonation for inbound documents. Additional mitigations include enforcing least privilege for end users, enabling endpoint protection capable of detecting malicious document behavior, and limiting execution of child processes or macros from Office applications where possible. These are general mitigations inferred from the described Preview Pane attack path; the provided content does not include Microsoft-specific workaround guidance for this CVE.

Apply Microsoft's October 2025 security updates for Microsoft Office that address CVE-2025-59227. The supplied content identifies this CVE as patched by Microsoft as part of the October 2025 Patch Tuesday release. Organizations should deploy the relevant Office security updates across affected endpoints and ensure Office installations are fully updated through supported servicing channels.