Kaspersky LabKLA10902KLA10902 Multiple vulnerabilities in Microsoft Office
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.7 High
EPSS
Percentile
98.0%
Detect date:
11/08/2016
Severity:
Critical
Description:
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information.
Affected products:
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1
Microsoft Office 2013 RT Service Pack1
Microsoft Office 2016
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Server 2013 Service Pack 1
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps 2010 Service Pack 1
Microsoft Office for Mac 2011
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Excel, Word and PowerPoint Viewers
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
MS16-133
CVE-2016-7213
CVE-2016-7236
CVE-2016-7235
CVE-2016-7234
CVE-2016-7233
CVE-2016-7232
CVE-2016-7231
CVE-2016-7228
CVE-2016-7229
CVE-2016-7230
CVE-2016-7245
CVE-2016-7244
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2016-72139.3Critical
CVE-2016-72369.3Critical
CVE-2016-72359.3Critical
CVE-2016-72349.3Critical
CVE-2016-72334.3Warning
CVE-2016-72329.3Critical
CVE-2016-72319.3Critical
CVE-2016-72289.3Critical
CVE-2016-72299.3Critical
CVE-2016-72309.3Critical
CVE-2016-72459.3Critical
CVE-2016-72444.3Warning
Microsoft official advisories:
KB list:
3127951
3127950
3127953
3127948
3118395
3198798
3118396
3118390
3115120
3127929
3118378
3127927
3127921
3127889
3127904
3127949
3127954
3115153
3118382
3118381
3115135
3198807
3127893
3127962
2986253
3127932
References
support.microsoft.com/kb/2986253
support.microsoft.com/kb/3115120
support.microsoft.com/kb/3115135
support.microsoft.com/kb/3115153
support.microsoft.com/kb/3118378
support.microsoft.com/kb/3118381
support.microsoft.com/kb/3118382
support.microsoft.com/kb/3118390
support.microsoft.com/kb/3118395
support.microsoft.com/kb/3118396
support.microsoft.com/kb/3127889
support.microsoft.com/kb/3127893
support.microsoft.com/kb/3127904
support.microsoft.com/kb/3127921
support.microsoft.com/kb/3127927
support.microsoft.com/kb/3127929
support.microsoft.com/kb/3127932
support.microsoft.com/kb/3127948
support.microsoft.com/kb/3127949
support.microsoft.com/kb/3127950
support.microsoft.com/kb/3127951
support.microsoft.com/kb/3127953
support.microsoft.com/kb/3127954
support.microsoft.com/kb/3127962
support.microsoft.com/kb/3198798
support.microsoft.com/kb/3198807
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7213
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7228
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7229
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7230
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7231
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7232
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7233
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7234
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7235
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7236
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7244
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7245
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7213
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7228
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7229
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7230
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7231
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7232
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7233
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7234
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7235
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7236
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7244
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7245
statistics.securelist.com/vulnerability-scan/month
technet.microsoft.com/en-us/library/security/ms16-133.aspx
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-Sharepoint-Server/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.7 High
EPSS
Percentile
98.0%