CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

CISA has added two critical vulnerabilities impacting Microsoft Office PowerPoint and HPE OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Organizations are urged to apply security updates to mitigate risks, especially given the availability of proof-of-concept exploits.

Key points

  • The vulnerabilities impact Microsoft Office PowerPoint and HPE OneView, with evidence of active exploitation.
  • CVE-2009-0556 allows remote code execution via memory corruption in PowerPoint.
  • CVE-2025-37164 impacts all prior versions of HPE OneView and enables remote code execution.
  • HPE released hotfixes for OneView versions 5.20 through 10 to address the vulnerability.
  • Federal agencies are advised to implement security fixes by January 28, 2026, to prevent attacks.

Read More: https://thehackernews.com/2026/01/cisa-flags-microsoft-office-and-hpe.html