KLA11551 Multiple vulnerability in Microsoft Office

Detect date:

09/10/2019

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to spoof user interface, gain privileges, execute arbitrary code, bypass security restrictions, obtain sensitive information.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2019 for 64-bit editions
Windows 10 Version 1809 for ARM64-based Systems
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2019 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows Server 2016 (Server Core installation)
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows Server 2012
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server, version 1903 (Server Core installation)
Windows 8.1 for x64-based systems
Windows 10 Version 1703 for x64-based Systems
Office 365 ProPlus for 64-bit Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 10 Version 1803 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 1709 for 32-bit Systems
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 10 Version 1903 for x64-based Systems
Microsoft Office 2013 RT Service Pack 1
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Microsoft Office 2019 for 32-bit editions
Windows Server 2012 (Server Core installation)
Windows Server, version 1803 (Server Core Installation)
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2019
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1709 for 64-based Systems
Office 365 ProPlus for 32-bit Systems
Microsoft Office 2016 (32-bit edition)
Windows RT 8.1
Windows Server 2016
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Windows Server 2012 R2
Windows 10 Version 1903 for ARM64-based Systems
Microsoft Office 2016 (64-bit edition)
Microsoft Project 2013 Service Pack 1 (32-bit editions)
Microsoft Project 2013 Service Pack 1 (64-bit editions)
Microsoft Project 2016 (32-bit edition)
Microsoft Project 2010 Service Pack 2 (32-bit editions)
Microsoft Project 2016 (64-bit edition)
Microsoft Project 2010 Service Pack 2 (64-bit editions)
Microsoft Lync Server 2013
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2016 for Mac
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Office 2019 for Mac
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2019-1261
CVE-2019-1260
CVE-2019-1257
CVE-2019-1262
CVE-2019-1246
CVE-2019-1295
CVE-2019-1264
CVE-2019-1296
CVE-2019-1209
CVE-2019-1263
CVE-2019-1259
CVE-2019-1297

Impacts:

ACE

Related products:

Microsoft Lync

CVE-IDS:

CVE-2019-12616.8High
CVE-2019-12604.0Warning
CVE-2019-12576.5High
CVE-2019-12623.5Warning
CVE-2019-12469.3Critical
CVE-2019-12956.5High
CVE-2019-12646.8High
CVE-2019-12966.5High
CVE-2019-12094.3Warning
CVE-2019-12634.3Warning
CVE-2019-12596.8High
CVE-2019-12979.3Critical

Microsoft official advisories:

KB list:

4484098
4475590
4475596
4475594
4464557
4484099
4475605
4475599
4475591
4475611
4461631
4464548
4464566
4475583
4475589
4475607
4515509
4475566
4475579
4475574