Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11604
HistoryNov 12, 2019 - 12:00 a.m.

KLA11604 Multiple vulnerabilities in Microsoft Office

2019-11-1200:00:00
Kaspersky Lab
threats.kaspersky.com
46

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.944 High

EPSS

Percentile

99.2%

JSON

Detect date:

11/12/2019

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, spoof user interface, execute arbitrary code.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Microsoft Office 2019 for Mac
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft SharePoint Enterprise Server 2016
Office 365 ProPlus for 32-bit Systems
Microsoft Office Online Server
Microsoft Office 2016 (64-bit edition)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Office 2013 RT Service Pack 1
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Excel 2016 for Mac
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2016 for Mac
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Office 365 ProPlus for 64-bit Systems
Microsoft SharePoint Server 2019
Excel Services
Office Online Server
Microsoft Excel 2016 (32-bit edition)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2019-1443
CVE-2019-1449
CVE-2019-1447
CVE-2019-1446
CVE-2019-1445
CVE-2019-1448
CVE-2019-1457
CVE-2019-1402
CVE-2019-1442

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2019-14434.0Warning
CVE-2019-14475.8High
CVE-2019-14464.3Warning
CVE-2019-14455.8High
CVE-2019-14489.3Critical
CVE-2019-14576.8High
CVE-2019-14022.1Warning
CVE-2019-14424.3Warning

Microsoft official advisories:

KB list:

4484142
4484148
4484159
4484119
4484143
4484164
4484160
4484113
4484149
4484151
4484144
4484127
4484141
4484158
4484157
4484165
4484152

References

Related

nessus 7
openvas 11
mskb 17
cve 9
prion 9
threatpost 2
symantec 9
mscve 9
checkpoint_advisories 2
talosblog 3
talos 1
cert 1
attackerkb 1
githubexploit 1
krebs 1
qualysblog 1
nessus
nessus
Security Updates for Microsoft Office Products (November 2019)
2019-11-12 00:00:00
Security Updates for Microsoft Office Products C2R (November 2019)
2022-06-10 00:00:00
Security Updates for Microsoft Office Products (November 2019) (macOS)
2019-11-13 00:00:00
openvas
openvas
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Nov 2019)
2019-11-13 00:00:00
Microsoft Office Multiple Vulnerabilities (Nov 2019) - Mac OS X
2019-11-13 00:00:00
Microsoft Excel 2010 Service Pack 2 Multiple Vulnerabilities (KB4484164)
2019-11-13 00:00:00
mskb
mskb
Description of the security update for Office Online Server: November 12, 2019
2019-11-12 08:00:00
Description of the security update for Excel 2016: November 12, 2019
2019-11-12 08:00:00
Description of the security update for Excel 2013: November 12, 2019
2019-11-12 08:00:00
cve
cve
CVE-2019-1445
2019-11-12 19:15:00
CVE-2019-1447
2019-11-12 19:15:00
CVE-2019-1448
2019-11-12 19:15:00
prion
prion
Spoofing
2019-11-12 19:15:00
Spoofing
2019-11-12 19:15:00
Information disclosure
2019-11-12 19:15:00
threatpost
threatpost
Black Hat 2020: 'Zero-Click' MacOS Exploit Chain Uses Microsoft Office Macros
2020-08-06 13:02:29
Microsoft Patches RCE Bug Actively Under Attack
2019-11-12 21:35:20
symantec
symantec
Microsoft SharePoint CVE-2019-1443 Information Disclosure Vulnerability
2019-11-12 00:00:00
Microsoft Office CVE-2019-1457 Security Bypass Vulnerability
2019-11-12 00:00:00
Microsoft Excel CVE-2019-1448 Remote Code Execution Vulnerability
2019-11-12 00:00:00
mscve
mscve
Microsoft SharePoint Information Disclosure Vulnerability
2019-11-12 08:00:00
Microsoft Excel Remote Code Execution Vulnerability
2019-11-12 08:00:00
Microsoft Office ClickToRun Security Feature Bypass Vulnerability
2019-11-12 08:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft SharePoint Information Disclosure (CVE-2019-1443)
2020-04-16 00:00:00
Microsoft Excel Remote Code Execution (CVE-2019-1448)
2020-02-27 00:00:00
talosblog
talosblog
Threat Source newsletter (Nov. 14, 2019)
2019-11-14 11:00:03
Vulnerability Spotlight: Remote code execution vulnerability in Microsoft Excel
2019-11-12 11:07:18
Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage
2019-11-12 11:58:09
talos
talos
Microsoft Office Excel WorksheetOptions Code Execution Vulnerability
2019-11-12 00:00:00
cert
cert
Microsoft Office for Mac cannot properly disable XLM macros
2019-11-01 00:00:00
attackerkb
attackerkb
Automatic macro execution bug in Office Mac _when_ macros are disabled
2019-11-12 00:00:00
githubexploit
githubexploit
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
2019-11-14 19:11:27
krebs
krebs
Patch Tuesday, November 2019 Edition
2019-11-12 22:04:32
qualysblog
qualysblog
November 2019 Patch Tuesday – 74 vulns, 13 Critical, Actively Attacked IE vuln, Hyper-V escapes, Adobe
2019-11-12 19:28:42

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.944 High

EPSS

Percentile

99.2%

JSON
Related for KLA11604
nessus7openvas11mskb17cve9prion9threatpost2symantec9mscve9checkpoint_advisories2talosblog3talos1cert1attackerkb1githubexploit1krebs1qualysblog1