Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12525
HistoryMay 10, 2022 - 12:00 a.m.

KLA12525 Multiple vulnerabilities in Microsoft Office

2022-05-1000:00:00
Kaspersky Lab
threats.kaspersky.com
58

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.07 Low

EPSS

Percentile

93.8%

JSON

Detect date:

05/10/2022

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, obtain sensitive information, gain privileges.

Affected products:

Microsoft Publisher 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2016 (64-bit edition)
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Word 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Publisher 2013 Service Pack 1 (64-bit editions)
Microsoft Publisher 2016 (32-bit edition)
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft SharePoint Server 2019
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft SharePoint Enterprise Server 2016
Microsoft Office Online Server
Microsoft Word 2016 (32-bit edition)
Microsoft Office LTSC for Mac 2021
Microsoft SharePoint Server Subscription Edition
Microsoft Word 2016 (64-bit edition)
Microsoft Excel 2016 (32-bit edition)
Microsoft Office 2019 for 32-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Publisher 2016 (64-bit edition)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2022-29109
CVE-2022-29108
CVE-2022-29107
CVE-2022-29110
CVE-2022-26934

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2022-269346.5High
CVE-2022-291097.8Critical
CVE-2022-291088.8Critical
CVE-2022-291075.5High
CVE-2022-291107.8Critical

Microsoft official advisories:

KB list:

4493152
5002195
5002204
5002194
5002196
5002205
5002199
5002207
4484347
5002203
5002187
5002184

References

Related

nessus 25
openvas 16
cnvd 1
prion 5
cve 5
mskb 28
mscve 5
zdi 1
rapid7blog 1
qualysblog 1
kaspersky 2
nessus
nessus
Security Updates for Microsoft Office Web Apps (May 2022)
2022-05-12 00:00:00
Security Updates for Microsoft Excel Products C2R (May 2022)
2022-06-10 00:00:00
Security Updates for Microsoft SharePoint Server 2016 (May 2022)
2022-05-10 00:00:00
openvas
openvas
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (May 2022)
2022-05-12 00:00:00
Microsoft Publisher 2013 Security Feature Bypass Vulnerability (KB4484347)
2022-05-11 00:00:00
Microsoft Word 2013 Service Pack 1 Security Feature Bypass Vulnerability (KB5002187)
2022-05-11 00:00:00
cnvd
cnvd
Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2022-59592)
2022-05-12 00:00:00
prion
prion
Remote code execution
2022-05-10 21:15:00
Remote code execution
2022-05-10 21:15:00
Remote code execution
2022-05-10 21:15:00
cve
cve
CVE-2022-29109
2022-05-10 21:15:00
CVE-2022-29110
2022-05-10 21:15:00
CVE-2022-29108
2022-05-10 21:15:00
mskb
mskb
Description of the security update for Excel 2016: May 10, 2022 (KB5002196)
2022-05-10 08:00:00
Description of the security update for SharePoint Server 2019: May 10, 2022 (KB5002207)
2022-05-10 08:00:00
Description of the security update for Excel 2013: May 10, 2022 (KB5002204)
2022-05-10 08:00:00
mscve
mscve
Microsoft Excel Remote Code Execution Vulnerability
2022-05-10 08:00:00
Microsoft Office Security Feature Bypass Vulnerability
2022-05-10 08:00:00
Microsoft SharePoint Server Remote Code Execution Vulnerability
2022-05-10 08:00:00
zdi
zdi
Microsoft SharePoint Chart Deserialization of Untrusted Data Remote Code Execution Vulnerability
2023-05-04 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - May 2022
2022-05-10 19:59:20
qualysblog
qualysblog
May 2022 Patch Tuesday | Microsoft Releases 75 Vulnerabilities with 8 Critical; Adobe Releases 5 Advisories, 18 Vulnerabilities with 16 Critical.
2022-05-10 19:29:16
kaspersky
kaspersky
KLA12524 Multiple vulnerabilities in Microsoft Products (ESU)
2022-05-10 00:00:00
KLA12526 Multiple vulnerabilities in Microsoft Windows
2022-05-10 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.07 Low

EPSS

Percentile

93.8%

JSON
Related for KLA12525
nessus25openvas16cnvd1prion5cve5mskb28mscve5zdi1rapid7blog1qualysblog1kaspersky2