Kaspersky LabKLA12201KLA12201 Multiple vulnerabilities in Microsoft Office
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.087 Low
EPSS
Percentile
94.4%
Detect date:
06/08/2021
Severity:
Critical
Description:
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information.
Affected products:
Microsoft SharePoint Enterprise Server 2016
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Outlook 2016 (64-bit edition)
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2019 for 32-bit editions
Microsoft Excel 2016 (64-bit edition)
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Office 2019 for Mac
Microsoft Excel 2013 RT Service Pack 1
Microsoft Outlook 2016 (32-bit edition)
Microsoft Office 2019 for 64-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Excel 2016 (32-bit edition)
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Server 2019
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft 365 Apps for Enterprise for 64-bit Systems
Office Online Server
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2021-31940
CVE-2021-31949
CVE-2021-26420
CVE-2021-31948
CVE-2021-31966
CVE-2021-31939
CVE-2021-31965
CVE-2021-31941
CVE-2021-31963
CVE-2021-31964
CVE-2021-31950
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2021-319407.8Critical
CVE-2021-319497.3High
CVE-2021-264207.1High
CVE-2021-319487.6Critical
CVE-2021-319667.2High
CVE-2021-319397.8Critical
CVE-2021-319655.7High
CVE-2021-319417.8Critical
CVE-2021-319637.1High
CVE-2021-319647.6Critical
CVE-2021-319507.6Critical
Microsoft official advisories:
KB list:
5001963
5001946
5001944
5001955
5001953
5001943
5001956
5001939
5001934
5001954
5001945
5001947
5001962
4011698
5001950
5001922
5001942
5001951
References
support.microsoft.com/kb/4011698
support.microsoft.com/kb/5001922
support.microsoft.com/kb/5001934
support.microsoft.com/kb/5001939
support.microsoft.com/kb/5001942
support.microsoft.com/kb/5001943
support.microsoft.com/kb/5001944
support.microsoft.com/kb/5001945
support.microsoft.com/kb/5001946
support.microsoft.com/kb/5001947
support.microsoft.com/kb/5001950
support.microsoft.com/kb/5001951
support.microsoft.com/kb/5001953
support.microsoft.com/kb/5001954
support.microsoft.com/kb/5001955
support.microsoft.com/kb/5001956
support.microsoft.com/kb/5001962
support.microsoft.com/kb/5001963
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-26420
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31939
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31940
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31941
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31948
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31949
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31950
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31963
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31964
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31965
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26420
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31939
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31940
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31941
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31948
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31949
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31950
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31963
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31964
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31965
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31966
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-Excel/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-Outlook/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.087 Low
EPSS
Percentile
94.4%