KLA12109 Multiple vulnerabilities in Microsoft Office

Detect date:

03/09/2021

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, obtain sensitive information, bypass security restrictions.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Microsoft Office 2016 (64-bit edition)
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Visio 2016 (32-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions)
Microsoft Visio 2016 (64-bit edition)
Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions)
Microsoft PowerPoint 2016 (64-bit edition)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Office 2019 for 32-bit editions
Microsoft Excel 2013 RT Service Pack 1
Microsoft PowerPoint 2016 (32-bit edition)
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office 2019 for Mac
Microsoft Business Productivity Servers 2010 Service Pack 2
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Visio 2010 Service Pack 2 (64-bit editions)
Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Visio 2013 Service Pack 1 (32-bit editions)
Microsoft Office Web Apps 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Office Online Server
Microsoft SharePoint Server 2019
Microsoft PowerPoint 2013 RT Service Pack 1
Microsoft Visio 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2019 for 64-bit editions
Microsoft Visio 2013 Service Pack 1 (64-bit editions)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2021-24104
CVE-2021-27053
CVE-2021-27052
CVE-2021-27059
CVE-2021-27054
CVE-2021-27055
CVE-2021-27057
CVE-2021-27056
CVE-2021-27058
CVE-2021-27076
CVE-2021-24108

Impacts:

ACE

Related products:

Microsoft Visio 2010

CVE-IDS:

CVE-2021-241044.6Warning
CVE-2021-270537.8Critical
CVE-2021-270525.3High
CVE-2021-270597.6Critical
CVE-2021-270547.8Critical
CVE-2021-270557.0High
CVE-2021-270577.8Critical
CVE-2021-270567.8Critical
CVE-2021-270587.8Critical
CVE-2021-270768.8Critical
CVE-2021-241087.8Critical

KB list:

4493228
4493214
4484376
4493224
4493177
4493227
4493225
4504703
4493239
4493231
4493238
4493232
4493233
4493234
4493199
4493229
4493203
4486673
4493151
4504702
4504707
4493200
3101541
4493230

Microsoft official advisories: