KLA11386 Multiple vulnerabilities in Microsoft Office

Detect date:

12/11/2018

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface.

Affected products:

Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Office 365 ProPlus for 32-bit Systems
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office 2019 for 64-bit editions
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2019 for Mac
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2016 for Mac
Microsoft Office 2019 for 32-bit editions
Office 365 ProPlus for 64-bit Systems
Microsoft Excel 2013 RT Service Pack 1
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Microsoft Outlook 2016 (64-bit edition)
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions)
Microsoft PowerPoint 2016 (32-bit edition)
Microsoft Office Web Apps 2013 Service Pack 1
Office Online Server
Microsoft PowerPoint Viewer
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft SharePoint Server 2013 Service Pack 1
Microsoft PowerPoint 2016 (64-bit edition)
Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions)
Microsoft SharePoint Server 2019
Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions)
Microsoft PowerPoint 2013 RT Service Pack 1
Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions)
Excel Services
Microsoft Excel Viewer 2007 Service Pack 3

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2018-8597
CVE-2018-8635
CVE-2018-8598
CVE-2018-8636
CVE-2018-8580
CVE-2018-8587
CVE-2018-8628
CVE-2018-8650
CVE-2018-8627

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2018-85979.3Critical
CVE-2018-86356.5High
CVE-2018-85982.6Warning
CVE-2018-86369.3Critical
CVE-2018-85804.3Warning
CVE-2018-85879.3Critical
CVE-2018-86289.3Critical
CVE-2018-86503.5Warning
CVE-2018-86274.3Warning

KB list:

4011680
4461577
4461542
4461559
4461570
4461565
4461558
4461541
4461465
4461549
4461580
4461556
4461544
4461576
4461521
4011027
4461481
4461548
2597975
4461532
4011207
2965312
4092472
4461551
4461569
4461566

Microsoft official advisories:

Exploitation:

Public exploits exist for this vulnerability.