Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA20121
HistoryDec 13, 2022 - 12:00 a.m.

KLA20121 Multiple vulnerabilities in Microsoft Office

2022-12-1300:00:00
Kaspersky Lab
threats.kaspersky.com
196

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.6%

JSON

Detect date:

12/13/2022

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface.

Affected products:

Microsoft Office 2019 for Mac
Microsoft Visio 2013 Service Pack 1 (32-bit editions)
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Visio 2016 (64-bit edition)
Microsoft Office 2019 for 32-bit editions
Microsoft Visio 2016 (32-bit edition)
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC for Mac 2021
Microsoft Visio 2013 Service Pack 1 (64-bit editions)
Microsoft SharePoint Server Subscription Edition
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft SharePoint Server 2019
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office 2019 for 64-bit editions

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2022-26806
CVE-2022-26805
CVE-2022-44693
CVE-2022-47211
CVE-2022-26804
CVE-2022-44695
CVE-2022-44694
CVE-2022-44696
CVE-2022-44690
CVE-2022-44713
CVE-2022-47212
CVE-2022-44691
CVE-2022-47213
CVE-2022-44692

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2022-268067.8Critical
CVE-2022-268057.8Critical
CVE-2022-446938.8Critical
CVE-2022-472117.8Critical
CVE-2022-268047.8Critical
CVE-2022-446957.8Critical
CVE-2022-446947.8Critical
CVE-2022-446967.8Critical
CVE-2022-446908.8Critical
CVE-2022-447137.5Critical
CVE-2022-472127.8Critical
CVE-2022-446917.8Critical
CVE-2022-472137.8Critical
CVE-2022-446927.8Critical

KB list:

5002280
5002327
5002319
5002321
5002286
5002317
5002311

Microsoft official advisories:

References

Related

openvas 4
nessus 9
mskb 7
cve 14
zdi 16
prion 14
mscve 14
cnvd 10
rapid7blog 1
qualysblog 1
krebs 1
talosblog 1
openvas
openvas
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Dec 2022)
2022-12-14 00:00:00
Microsoft Office Outlook 2019 Multiple Vulnerabilities (Dec 2022) - Mac OS X
2022-12-14 00:00:00
Microsoft Visio 2016 Security Feature Bypass Vulnerability (KB5002286)
2022-12-14 00:00:00
nessus
nessus
Security Updates for Microsoft Office Products C2R (December 2022)
2022-12-14 00:00:00
Security Updates for Microsoft Visio Products C2R (December 2022)
2022-12-14 00:00:00
Security Updates for Microsoft Office Products (Dec 2022) (macOS)
2022-12-14 00:00:00
mskb
mskb
Description of the security update for SharePoint Server Subscription Edition: December 13, 2022 (KB5002327)
2022-12-13 08:00:00
Description of the security update for SharePoint Server 2019: December 13, 2022 (KB5002311)
2022-12-13 08:00:00
December 13, 2022, cumulative update for SharePoint Enterprise Server 2013 (KB5002317)
2022-12-13 08:00:00
cve
cve
CVE-2022-44691
2022-12-13 19:15:00
CVE-2022-44695
2022-12-13 19:15:00
CVE-2022-44696
2022-12-13 19:15:00
zdi
zdi
Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
2023-01-18 00:00:00
Microsoft Office Visio DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
2022-12-15 00:00:00
Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
2022-12-15 00:00:00
prion
prion
Remote code execution
2022-12-13 19:15:00
Remote code execution
2022-12-13 19:15:00
Remote code execution
2022-12-13 19:15:00
mscve
mscve
Microsoft Office Graphics Remote Code Execution Vulnerability
2022-12-13 08:00:00
Microsoft Office OneNote Remote Code Execution Vulnerability
2022-12-13 08:00:00
Microsoft Office Graphics Remote Code Execution Vulnerability
2022-12-13 08:00:00
cnvd
cnvd
Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2022-89424)
2022-12-19 00:00:00
Microsoft Office Graphics remote code execution vulnerability (CNVD-2022-89423)
2022-12-19 00:00:00
Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2023-72202)
2022-12-15 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - December 2022
2022-12-13 21:24:06
qualysblog
qualysblog
The DecemberΒ 2022 Patch Tuesday Security Update Review
2022-12-13 23:17:17
krebs
krebs
Microsoft Patch Tuesday, December 2022 Edition
2022-12-14 17:01:07
talosblog
talosblog
Microsoft Patch Tuesday for December 2022 β€” Snort rules and prominent vulnerabilities
2022-12-13 19:06:51

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.6%

JSON
Related for KLA20121
openvas4nessus9mskb7cve14zdi16prion14mscve14cnvd10rapid7blog1qualysblog1krebs1talosblog1