KLA12042 Multiple vulnerabilities in Microsoft Office

Detect date:

01/12/2021

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, gain privileges.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2016 (64-bit edition)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft SharePoint Server 2019
Microsoft Excel 2013 RT Service Pack 1
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Excel 2016 (32-bit edition)
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office 2016 (64-bit edition)
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft Office 2019 for 64-bit editions
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Office Online Server
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (64-bit edition)
Microsoft Word 2016 (32-bit edition)
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Office 2019 for 32-bit editions
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft SharePoint Enterprise Server 2016
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Excel Services
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2019 for Mac

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2021-1716
CVE-2021-1715
CVE-2021-1707
CVE-2021-1718
CVE-2021-1714
CVE-2021-1641
CVE-2021-1711
CVE-2021-1717
CVE-2021-1712
CVE-2021-1713
CVE-2021-1719

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2021-17167.8Critical
CVE-2021-17157.8Critical
CVE-2021-17078.8Critical
CVE-2021-17188.0Critical
CVE-2021-17147.8Critical
CVE-2021-16414.6Warning
CVE-2021-17117.8Critical
CVE-2021-17174.6Warning
CVE-2021-17128.0Critical
CVE-2021-17137.8Critical
CVE-2021-17198.0Critical

KB list:

4493175
4493186
4486762
4493178
4486683
4493145
4486755
4486736
4493160
4493165
4493142
4493176
4486759
4493171
4493143
4493156
4493163
4493167
4486764
4493187
4493183
4493162
4493168
4493181
4486724
4493161

Microsoft official advisories: