Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12389
HistoryDec 14, 2021 - 12:00 a.m.

KLA12389 Multiple vulnerabilities in Microsoft Office

2021-12-1400:00:00
Kaspersky Lab
threats.kaspersky.com
54

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.039 Low

EPSS

Percentile

91.8%

JSON

Detect date:

12/14/2021

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, spoof user interface, obtain sensitive information.

Affected products:

Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office LTSC for Mac 2021
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Office Online Server
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Office 2019 for Mac
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2016 (64-bit edition)
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Excel 2016 (32-bit edition)
Microsoft Office 2019 for 32-bit editions
Microsoft Excel 2013 RT Service Pack 1
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Server 2019

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2021-42293
CVE-2021-43875
CVE-2021-43255
CVE-2021-42320
CVE-2021-42294
CVE-2021-42309
CVE-2021-42295
CVE-2021-43242
CVE-2021-43256
CVE-2021-43876

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2021-422936.5High
CVE-2021-438757.8Critical
CVE-2021-432555.5High
CVE-2021-423205.7High
CVE-2021-422947.2High
CVE-2021-423098.8Critical
CVE-2021-422955.5High
CVE-2021-432425.7High
CVE-2021-432567.8Critical
CVE-2021-438768.8Critical

KB list:

5002054
5002047
4504710
4504745
5002101
5002045
5002015
5002099
5002033
5002103
4486726
5002059
5002008
5002055
5002098
5002061
5002097
5002105
5002071
5002104

Microsoft official advisories:

References

Related

nessus 9
mskb 20
cnvd 6
cve 10
mscve 10
prion 10
zdi 2
rapid7blog 1
avleonov 1
thn 1
malwarebytes 1
threatpost 1
nessus
nessus
Security Updates for Microsoft Office Products (December 2021)
2021-12-14 00:00:00
Security Updates for Microsoft Office Products C2R (December 2021)
2022-06-10 00:00:00
Security Updates for Microsoft SharePoint Server 2019 (December 2021)
2022-02-18 00:00:00
mskb
mskb
Description of the security update for SharePoint Server 2019: December 14, 2021 (KB5002054)
2021-12-14 08:00:00
Description of the security update for SharePoint Enterprise Server 2016: December 14, 2021 (KB5002055)
2021-12-14 08:00:00
Description of the security update for SharePoint Server Subscription Edition: December 14, 2021 (KB5002045)
2021-12-14 08:00:00
cnvd
cnvd
Microsoft SharePoint Elevation of Privilege Vulnerability (CNVD-2022-01686)
2021-12-30 00:00:00
Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2021-101710)
2021-12-19 00:00:00
Microsoft Excel Remote Code Execution Vulnerability (CNVD-2021-102059)
2021-12-19 00:00:00
cve
cve
CVE-2021-43876
2021-12-29 23:15:00
CVE-2021-43256
2021-12-15 15:15:00
CVE-2021-43255
2021-12-15 15:15:00
mscve
mscve
Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability
2021-12-14 08:00:00
Microsoft Office Graphics Remote Code Execution Vulnerability
2021-12-14 08:00:00
Microsoft Office Trust Center Spoofing Vulnerability
2021-12-14 08:00:00
prion
prion
Remote code execution
2021-12-15 15:15:00
Privilege escalation
2021-12-15 15:15:00
Remote code execution
2021-12-15 15:15:00
zdi
zdi
Microsoft SharePoint Server-Side Control Improper Input Validation Remote Code Execution Vulnerability
2022-01-14 00:00:00
Microsoft Word glTF-SDK Integer Overflow Remote Code Execution Vulnerability
2022-06-02 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - December 2021
2021-12-14 22:12:53
avleonov
avleonov
Microsoft Patch Tuesday December 2021
2021-12-16 20:53:37
thn
thn
Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware
2021-12-15 07:14:00
malwarebytes
malwarebytes
[updated] Patch now! Microsoft plugs actively exploited zero-days and other updates
2021-11-10 14:30:23
threatpost
threatpost
Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery
2021-12-14 22:21:35

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.039 Low

EPSS

Percentile

91.8%

JSON
Related for KLA12389
nessus9mskb20cnvd6cve10mscve10prion10zdi2rapid7blog1avleonov1thn1malwarebytes1threatpost1