Kaspersky LabKLA20044KLA20044 Multiple vulnerabilities in Microsoft Office
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.6%
Detect date:
11/08/2022
Severity:
High
Description:
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions, spoof user interface.
Affected products:
Microsoft Excel 2013 RT Service Pack 1
SharePoint Server Subscription Edition Language Pack
Microsoft Office 2019 for 64-bit editions
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2016 (64-bit edition)
Microsoft Word 2013 RT Service Pack 1
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office LTSC for Mac 2021
Microsoft Office Online Server
Microsoft Office 2019 for Mac
Microsoft SharePoint Server 2019
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Word 2016 (32-bit edition)
Microsoft SharePoint Enterprise Server 2016
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Word 2016 (64-bit edition)
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server Subscription Edition
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office 2019 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2022-41062
CVE-2022-41061
CVE-2022-41103
CVE-2022-41104
CVE-2022-41063
CVE-2022-41107
CVE-2022-41060
CVE-2022-41105
CVE-2022-41106
CVE-2022-41122
ADV220003
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2022-410628.8Critical
CVE-2022-410617.8Critical
CVE-2022-411035.5High
CVE-2022-411045.5High
CVE-2022-410637.8Critical
CVE-2022-411077.8Critical
CVE-2022-410605.5High
CVE-2022-411055.5High
CVE-2022-411068.8Critical
CVE-2022-411226.5High
KB list:
5002269
5002264
5002258
5002271
5002267
5002305
5002303
5002276
5002296
5002217
5002275
5002235
5002302
5002291
5002253
5002223
5002294
5002261
3191869
3191875
Microsoft official advisories:
References
support.microsoft.com/kb/3191869
support.microsoft.com/kb/3191875
support.microsoft.com/kb/5002217
support.microsoft.com/kb/5002223
support.microsoft.com/kb/5002235
support.microsoft.com/kb/5002253
support.microsoft.com/kb/5002258
support.microsoft.com/kb/5002261
support.microsoft.com/kb/5002264
support.microsoft.com/kb/5002267
support.microsoft.com/kb/5002269
support.microsoft.com/kb/5002271
support.microsoft.com/kb/5002275
support.microsoft.com/kb/5002276
support.microsoft.com/kb/5002291
support.microsoft.com/kb/5002294
support.microsoft.com/kb/5002296
support.microsoft.com/kb/5002302
support.microsoft.com/kb/5002303
support.microsoft.com/kb/5002305
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41060
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41062
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41063
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41103
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41104
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41105
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41106
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41107
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41122
msrc.microsoft.com/update-guide/en-US/vulnerability/ADV220003
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41060
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41061
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41062
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41063
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41103
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41104
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41105
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41106
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41107
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41122
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-Excel/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-SharePoint/
threats.kaspersky.com/en/product/Microsoft-Word/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.6%