KLA10921Multiple vulnerabilities in Microsoft Office

2016-12-13T00:00:00
ID KLA10921
Type kaspersky
Reporter Kaspersky Lab
Modified 2019-03-07T00:00:00

Description

Detect date:

12/13/2016

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain priveleges.

Affected products:

Microsoft Excel 2007 Service Pack 3
Microsoft Excel 2010 Service Pack 2
Microsoft Excel 2013 Service Pack 1
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2016
Microsoft Excel Viewer
Microsoft Excel 2011 for Mac
Microsoft Excel 2016 for Mac
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 2
Microsoft Office 2016
Microsoft Word Viewer
Microsoft Word for Mac 2011
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013
Microsoft Office 2013 Service Pack 1
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2011 for Mac
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Publisher 2010 Service Pack 2
Microsoft Auto Updater for Mac
Excel Services on Microsoft SharePoint Server 2010 Service Pack 2
Excel Services on Microsoft SharePoint Server 2007 Service Pack 3
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Office Web Apps 2010 Service Pack 2

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

MS16-148
CVE-2016-7257
CVE-2016-7274
CVE-2016-7277
CVE-2016-7276
CVE-2016-7275
CVE-2016-7268
CVE-2016-7267
CVE-2016-7300
CVE-2016-7291
CVE-2016-7290
CVE-2016-7289
CVE-2016-7262
CVE-2016-7263
CVE-2016-7264
CVE-2016-7265
CVE-2016-7266

Impacts:

ACE

Related products:

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

CVE-IDS:

CVE-2016-72574.3Critical
CVE-2016-72749.3Critical
CVE-2016-72779.3Critical
CVE-2016-72765.8Critical
CVE-2016-72757.2Critical
CVE-2016-72685.8Critical
CVE-2016-72674.3Critical
CVE-2016-73004.6Critical
CVE-2016-72915.8Critical
CVE-2016-72905.8Critical
CVE-2016-72899.3Critical
CVE-2016-72626.8Critical
CVE-2016-72639.3Critical
CVE-2016-72645.8Critical
CVE-2016-72655.8Critical
CVE-2016-72666.8Critical

Microsoft official advisories:

KB list:

3118380
2889841
3128008
3127986
2883033
3128022
3128023
3128026
3128035
3128032
3198800
3128024
3128043
3128044
3128016
3127995
3128019
3127892
3128020
3128029
3198808
3114395
3128037
3127968
3128025
3128034