KLA11512Multiple vulnerabilities in Microsoft Office

2019-07-09T00:00:00
ID KLA11512
Type kaspersky
Reporter Kaspersky Lab
Modified 2020-05-22T00:00:00

Description

Detect date:

07/09/2019

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Office Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, spoof user interface.

Affected products:

Microsoft Office 2016 for Mac
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2019 for Mac
Microsoft Excel 2016 (32-bit edition)
Office 365 ProPlus for 64-bit Systems
Office 365 ProPlus for 32-bit Systems
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2019 for 64-bit editions
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2019 for 32-bit editions
Microsoft Outlook 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Skype for Business 2016 (32-bit)
Microsoft Office 2016 (32-bit edition)
Skype for Business 2016 Basic (64-bit)
Microsoft Exchange Server 2019 Cumulative Update 2
Microsoft Lync 2013 Service Pack 1 (32-bit)
Mail and Calendar
Skype for Business 2016 Basic (32-bit)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Outlook for iOS
Microsoft Exchange Server 2013 Cumulative Update 23
Skype for Business 2016 (64-bit)
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Exchange Server 2016 Cumulative Update 12
Microsoft Outlook for Android
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Lync Basic 2013 Service Pack 1 (32-bit)
Microsoft Lync Basic 2013 Service Pack 1 (64-bit)
Microsoft Lync 2013 Service Pack 1 (64-bit)
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Microsoft Outlook 2016 (64-bit edition)
Microsoft Exchange Server 2019 Cumulative Update 1
Microsoft Exchange Server 2010 Service Pack 3
Microsoft Exchange Server 2016 Cumulative Update 13
Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2019-1110
CVE-2019-1084
CVE-2019-1111
CVE-2019-1109
CVE-2019-1112
CVE-2019-1134
CVE-2019-1006

Impacts:

ACE

Related products:

Microsoft Lync

CVE-IDS:

CVE-2019-10060.0Unknown
CVE-2019-10840.0Unknown
CVE-2019-11100.0Unknown
CVE-2019-11110.0Unknown
CVE-2019-11090.0Unknown
CVE-2019-11120.0Unknown
CVE-2019-11340.0Unknown

Microsoft official advisories:

KB list:

4464592
4464558
4475517
4475509
4475514
4475545
4475519
4475513
4464572
4464565
4464543
4461539
4462224
4464534
4018375
4475529
4475520
4475522
4475527
4475510