Kaspersky LabKLA12564KLA12564 Multiple vulnerabilities in Microsoft Office
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.016 Low
EPSS
Percentile
87.1%
Detect date:
06/14/2022
Severity:
High
Description:
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code.
Affected products:
Microsoft Excel 2013 RT Service Pack 1
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Excel 2016 (32-bit edition)
Microsoft SharePoint Server 2013 Service Pack 1
Microsoft Office Online Server
Microsoft SharePoint Enterprise Server 2016
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft SharePoint Server Subscription Edition
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2016 (64-bit edition)
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft SharePoint Server 2019
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2022-30172
CVE-2022-30159
CVE-2022-30171
CVE-2022-30157
CVE-2022-30173
CVE-2022-30174
CVE-2022-30158
Impacts:
ACE
Related products:
KB list:
5002218
5002212
5002224
5002214
5002062
5002167
5002222
5002208
5002219
5002210
5002220
Microsoft official advisories:
References
support.microsoft.com/kb/5002062
support.microsoft.com/kb/5002167
support.microsoft.com/kb/5002208
support.microsoft.com/kb/5002210
support.microsoft.com/kb/5002212
support.microsoft.com/kb/5002214
support.microsoft.com/kb/5002218
support.microsoft.com/kb/5002219
support.microsoft.com/kb/5002220
support.microsoft.com/kb/5002222
support.microsoft.com/kb/5002224
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30157
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30158
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30159
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30171
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30172
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30173
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30174
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-Excel/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-SharePoint/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.016 Low
EPSS
Percentile
87.1%