Kaspersky LabKLA12480KLA12480 Multiple vulnerabilities in Microsoft Office
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.5%
Detect date:
03/08/2022
Severity:
High
Description:
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, spoof user interface, obtain sensitive information.
Affected products:
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Word 2016 (64-bit edition)
Microsoft 365 Apps for Enterprise for 64-bit Systems
Skype Extension for Chrome
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2019 for Mac
Microsoft Office 2019 for 64-bit editions
Microsoft Office LTSC for Mac 2021
Microsoft Office 2019 for 32-bit editions
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 RT Service Pack 1
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2022-24462
CVE-2022-24510
CVE-2022-24461
CVE-2022-24511
CVE-2022-24522
CVE-2022-24509
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2022-244625.5High
CVE-2022-245107.8Critical
CVE-2022-244617.8Critical
CVE-2022-245115.5High
CVE-2022-245226.5High
CVE-2022-245097.8Critical
KB list:
Microsoft official advisories:
References
support.microsoft.com/kb/5002068
support.microsoft.com/kb/5002139
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24461
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24462
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24509
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24510
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24511
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24522
nvd.nist.gov/vuln/detail/CVE-2022-24461
nvd.nist.gov/vuln/detail/CVE-2022-24462
nvd.nist.gov/vuln/detail/CVE-2022-24509
nvd.nist.gov/vuln/detail/CVE-2022-24510
nvd.nist.gov/vuln/detail/CVE-2022-24511
nvd.nist.gov/vuln/detail/CVE-2022-24522
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-Word/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.5%