KLA11049 Multiple vulnerabilities in Microsoft Office

2017-06-13 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.407 Medium
Percentile: 97.2%

Detect date:

06/13/2017

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, and spoof the user interface.

Affected products:

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1
Microsoft Office 2016
Microsoft Office Compatibility Pack Service Pack 3
Microsoft PowerPoint 2007 Service Pack 3
Microsoft OneNote 2010 Service Pack 2
Microsoft Outlook 2007 Service Pack 3
Microsoft Outlook 2010 Service Pack 2
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1
Microsoft Outlook 2016
Microsoft SharePoint Server 2007 Service Pack 3
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 2
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1
Microsoft Word 2016
Microsoft Word for Mac 2011
Microsoft Word 2016 for Mac

Solution:

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories:

ADV170008
CVE-2017-8513
CVE-2017-8512
CVE-2017-8511
CVE-2017-8510
CVE-2017-8506
CVE-2017-8507
CVE-2017-8508
CVE-2017-8545
CVE-2017-8509
CVE-2017-0284
CVE-2017-8528
CVE-2017-0292
CVE-2017-0285
CVE-2017-8534
CVE-2017-0283
CVE-2017-8550
CVE-2017-0282
CVE-2017-0260
CVE-2017-0286
CVE-2017-0287
CVE-2017-0288
CVE-2017-0289
CVE-2017-8527
CVE-2017-8531
CVE-2017-8532
CVE-2017-8533
CVE-2017-8551
CVE-2017-8514

Impacts:

ACE

Related products:

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

CVE-IDS:

CVE-2017-0284    1.9    Warning
CVE-2017-8528    9.3    Critical
CVE-2017-0292    9.3    Critical
CVE-2017-0285    1.9    Warning
CVE-2017-8534    4.3    Warning
CVE-2017-0283    9.3    Critical
CVE-2017-8550    4.3    Warning
CVE-2017-0282    1.9    Warning
CVE-2017-0260    9.3    Critical
CVE-2017-8509    9.3    Critical
CVE-2017-0286    1.9    Warning
CVE-2017-0287    1.9    Warning
CVE-2017-0288    1.9    Warning
CVE-2017-0289    1.9    Warning
CVE-2017-8527    9.3    Critical
CVE-2017-8531    4.3    Warning
CVE-2017-8532    4.3    Warning
CVE-2017-8533    4.3    Warning
CVE-2017-8506    9.3    Critical
CVE-2017-8507    9.3    Critical
CVE-2017-8508    4.3    Warning
CVE-2017-8510    9.3    Critical
CVE-2017-8511    9.3    Critical
CVE-2017-8512    9.3    Critical
CVE-2017-8513    9.3    Critical
CVE-2017-8545    4.3    Warning
CVE-2017-8551    4.3    Warning
CVE-2017-8514    3.5    Warning

Microsoft official advisories:

KB list:

3203391
3203393
3191882
3203427
4020732
4020733
4020735
4020736
3178667
3203432
3203484
3203485
4020734
3191837
3162051
3203438
3191939
3203430
3203436
3203386
3203382
3212223
3203458
3118389
3191848
3191943
3191945
3191944
3191828
3203441
3191844
3203466
3203464
3203463
3203460
3191908
3203390
3203392
3172445
3191932
3191938
3127888
3203384
3203383
3191898
3127894
3118304
3203467
3203461
3203387
3213537
3203399

Exploitation:

Public exploits exist for this vulnerability.
