Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12414
HistoryJan 11, 2022 - 12:00 a.m.

KLA12414 Multiple vulnerabilities in Microsoft Office

2022-01-1100:00:00
Kaspersky Lab
threats.kaspersky.com
47

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.024 Low

EPSS

Percentile

89.6%

JSON

Detect date:

01/11/2022

Severity:

Warning

Description:

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Exploitation:

Microsoft SharePoint Foundation 2013 Service Pack 1

–

Affected products:

Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC for Mac 2021
Microsoft Office Online Server
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
SharePoint Server Subscription Edition Language Pack

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2022-21837
CVE-2022-21840
CVE-2022-21841
CVE-2022-21842

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2022-218378.8Critical
CVE-2022-218408.8Critical
CVE-2022-218417.8Critical
CVE-2022-218427.8Critical

Microsoft official advisories:

KB list:

5002057
5002119
5002110
5002107
5002115
5002113
5002128
5002052
5002109
5002124
5002060
5002129
5002102
5002114
5002127
5002111
5002064
5002108
5002122
4462205
5002118
5002116
5001995

References

Related

nessus 12
mskb 23
openvas 12
cve 4
prion 4
mscve 4
cnvd 1
qualysblog 1
avleonov 1
krebs 1
hivepro 1
thn 1
threatpost 1
rapid7blog 1
nessus
nessus
Security Updates for Microsoft SharePoint Server 2016 (January 2022)
2022-01-12 00:00:00
Security Updates for Microsoft Office Products C2R (January 2022)
2022-06-10 00:00:00
Security Updates for Microsoft SharePoint Server Subscription Edition (January 2022)
2022-01-12 00:00:00
mskb
mskb
Description of the security update for SharePoint Enterprise Server 2016: January 11, 2022 (KB5002113)
2022-01-11 08:00:00
Description of the security update for SharePoint Foundation 2013: January 11, 2022 (KB5002127)
2022-01-11 08:00:00
Description of the security update for SharePoint Server 2019: January 11, 2022 (KB5002109)
2022-01-11 08:00:00
openvas
openvas
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Dec 2022)
2022-01-13 00:00:00
Microsoft Office 2013 Remote Code Execution Vulnerability (KB5002119)
2022-01-12 00:00:00
Microsoft Word 2016 RCE Vulnerability (KB5002057)
2022-01-13 00:00:00
cve
cve
CVE-2022-21842
2022-01-11 21:15:00
CVE-2022-21841
2022-01-11 21:15:00
CVE-2022-21837
2022-01-11 21:15:00
prion
prion
Remote code execution
2022-01-11 21:15:00
Remote code execution
2022-01-11 21:15:00
Remote code execution
2022-01-11 21:15:00
mscve
mscve
Microsoft Word Remote Code Execution Vulnerability
2022-01-11 08:00:00
Microsoft Excel Remote Code Execution Vulnerability
2022-01-11 08:00:00
Microsoft SharePoint Server Remote Code Execution Vulnerability
2022-01-11 08:00:00
cnvd
cnvd
Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2022-59594)
2022-01-13 00:00:00
qualysblog
qualysblog
Microsoft & Adobe Patch Tuesday (January 2022) – Microsoft 126 Vulnerabilities with 9 Critical, Adobe 41 Vulnerabilities, 22 critical
2022-01-11 23:32:18
avleonov
avleonov
Microsoft Patch Tuesday January 2022
2022-01-16 20:17:20
krebs
krebs
β€˜Wormable’ Flaw Leads January 2022 Patch Tuesday
2022-01-11 22:18:55
hivepro
hivepro
Microsoft Patch Tuesday fixes critical zero-days along with 97 other flaws
2022-01-12 07:30:07
thn
thn
First Patch Tuesday of 2022 Brings Fix for a Critical 'Wormable' Windows Vulnerability
2022-01-12 06:42:00
threatpost
threatpost
Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days
2022-01-11 21:54:57
rapid7blog
rapid7blog
Patch Tuesday - January 2022
2022-01-11 21:41:56

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.024 Low

EPSS

Percentile

89.6%

JSON
Related for KLA12414
nessus12mskb23openvas12cve4prion4mscve4cnvd1qualysblog1avleonov1krebs1hivepro1thn1threatpost1rapid7blog1