Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12316
HistoryOct 12, 2021 - 12:00 a.m.

KLA12316 Multiple vulnerabilities in Microsoft Office

2021-10-1200:00:00
Kaspersky Lab
threats.kaspersky.com
69

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.136 Low

EPSS

Percentile

95.5%

JSON

Detect date:

10/12/2021

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, spoof user interface.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Office LTSC for Mac 2021
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2019 for Mac
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft SharePoint Enterprise Server 2016
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft SharePoint Server 2019
Microsoft Office Online Server
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Excel 2016 (64-bit edition)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2021-40454
CVE-2021-41344
CVE-2021-40481
CVE-2021-40483
CVE-2021-40473
CVE-2021-40487
CVE-2021-40482
CVE-2021-40480
CVE-2021-40486
CVE-2021-40485
CVE-2021-40479
CVE-2021-40471
CVE-2021-40474
CVE-2021-40484
CVE-2021-40472

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2021-404545.5High
CVE-2021-413448.1Critical
CVE-2021-404817.1High
CVE-2021-404837.6Critical
CVE-2021-404737.8Critical
CVE-2021-404878.1Critical
CVE-2021-404825.3High
CVE-2021-404807.8Critical
CVE-2021-404867.8Critical
CVE-2021-404857.8Critical
CVE-2021-404797.8Critical
CVE-2021-404717.8Critical
CVE-2021-404747.8Critical
CVE-2021-404847.6Critical
CVE-2021-404725.5High

KB list:

5001960
5001985
5002029
5002043
5002004
4461476
5002036
5001924
5002027
5002042
5001982
5002006
5002030
4493202
5002028
4018332

Microsoft official advisories:

References

Related

nessus 20
mskb 27
openvas 16
cnvd 5
mscve 15
prion 15
cve 15
checkpoint_advisories 1
zdi 5
thn 1
talos 1
rapid7blog 1
threatpost 1
malwarebytes 1
krebs 1
qualysblog 1
avleonov 1
kaspersky 2
nessus
nessus
Security Updates for Microsoft Office Products (October 2021)
2021-10-12 00:00:00
Security Updates for Microsoft Office Products C2R (October 2021)
2022-06-10 00:00:00
Security Updates for Microsoft SharePoint Server 2019 (October 2021)
2021-10-12 00:00:00
mskb
mskb
Description of the security update for SharePoint Server 2019: October 12, 2021 (KB5002028)
2021-10-12 07:00:00
Description of the security update for Office 2016: October 12, 2021 (KB5001982)
2021-10-12 07:00:00
Description of the security update for Office 2013: October 12, 2021 (KB5001985)
2021-10-12 07:00:00
openvas
openvas
Microsoft Office 2016 Multiple Vulnerabilities (KB5001982)
2021-10-13 00:00:00
Microsoft Excel 2016 Multiple Vulnerabilities (KB5002030)
2021-10-13 00:00:00
Microsoft Office Web Apps Server 2013 Service Pack 1 Multiple Vulnerabilities (KB5002036)
2021-10-13 00:00:00
cnvd
cnvd
Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2022-59597)
2021-10-14 00:00:00
Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2022-59598)
2021-10-14 00:00:00
Microsoft SharePoint Server Information Disclosure Vulnerability (CNVD-2021-82955)
2021-10-13 00:00:00
mscve
mscve
Microsoft Excel Remote Code Execution Vulnerability
2021-10-12 07:00:00
Microsoft SharePoint Server Spoofing Vulnerability
2021-10-12 07:00:00
Microsoft Excel Remote Code Execution Vulnerability
2021-10-12 07:00:00
prion
prion
Spoofing
2021-10-13 01:15:00
Remote code execution
2021-10-13 01:15:00
Information disclosure
2021-10-13 01:15:00
cve
cve
CVE-2021-40479
2021-10-13 01:15:00
CVE-2021-40484
2021-10-13 01:15:00
CVE-2021-40480
2021-10-13 01:15:00
checkpoint_advisories
checkpoint_advisories
Microsoft SharePoint Server Remote Code Execution (CVE-2021-40487)
2021-10-13 00:00:00
zdi
zdi
Microsoft SharePoint Workflow Deserialization of Untrusted Data Remote Code Execution Vulnerability
2021-10-21 00:00:00
Microsoft Office Visio WMF File Parsing Use-After-Free Remote Code Execution Vulnerability
2021-10-14 00:00:00
Microsoft Office Visio EMF File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability
2021-10-14 00:00:00
thn
thn
Update Your Windows PCs Immediately to Patch New 0-Day Under Active Attack
2021-10-13 05:49:00
talos
talos
Microsoft Office Excel 2019/365 ConditionalFormatting code execution vulnerability
2021-10-12 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - October 2021
2021-10-12 19:47:16
threatpost
threatpost
Microsoft Oct. Patch Tuesday Squashes 4 Zero-Day Bugs
2021-10-12 21:51:06
malwarebytes
malwarebytes
Patch now! Microsoft fixes 71 Windows vulnerabilities in October Patch Tuesday
2021-10-13 15:41:24
krebs
krebs
Patch Tuesday, October 2021 Edition
2021-10-12 19:52:09
qualysblog
qualysblog
Microsoft & Adobe Patch Tuesday (October 2021) – Microsoft 74 Vulnerabilities with 3 Critical, 4 Zero-Days. Adobe 10 Vulnerabilities
2021-10-13 14:14:18
avleonov
avleonov
Security News: Microsoft Patch Tuesday October 2021, Autodiscover, MysterySnail, Exchange, DNS, Apache, HAProxy, VMware vCenter, Moodle
2021-10-21 00:23:01
kaspersky
kaspersky
KLA12309 Multiple vulnerabilities in Microsoft Products (ESU)
2021-10-12 00:00:00
KLA12310 Multiple vulnerabilities in Microsoft Windows
2021-10-12 00:00:00

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.136 Low

EPSS

Percentile

95.5%

JSON
Related for KLA12316
nessus20mskb27openvas16cnvd5mscve15prion15cve15checkpoint_advisories1zdi5thn1talos1rapid7blog1threatpost1malwarebytes1krebs1qualysblog1avleonov1kaspersky2