Kaspersky LabKLA11633KLA11633 Multiple vulnerabilities in Microsoft Office
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.019 Low
EPSS
Percentile
88.2%
Detect date:
01/14/2020
Severity:
High
Description:
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, spoof user interface.
Affected products:
Microsoft Office 2019 for Mac
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2016 for Mac
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2019 for 32-bit editions
Office Online Server
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2016 (32-bit edition)
One Drive for Android
Microsoft Office 2019 for 64-bit editions
Office 365 ProPlus for 32-bit Systems
Office 365 ProPlus for 64-bit Systems
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2020-0654
CVE-2020-0652
CVE-2020-0653
CVE-2020-0650
CVE-2020-0651
CVE-2020-0647
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2020-06546.4High
CVE-2020-06526.8High
CVE-2020-06539.3Critical
CVE-2020-06509.3Critical
CVE-2020-06519.3Critical
CVE-2020-06475.8High
KB list:
4484221
4484236
4484234
4484243
4484217
4484227
4484223
Microsoft official advisories:
References
support.microsoft.com/kb/4484217
support.microsoft.com/kb/4484221
support.microsoft.com/kb/4484223
support.microsoft.com/kb/4484227
support.microsoft.com/kb/4484234
support.microsoft.com/kb/4484236
support.microsoft.com/kb/4484243
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0647
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0650
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0651
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0652
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0653
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0654
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0647
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0650
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0651
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0652
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0653
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0654
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-Excel/
threats.kaspersky.com/en/product/Microsoft-Office/
Related
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.019 Low
EPSS
Percentile
88.2%