Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA20157
HistoryJan 10, 2023 - 12:00 a.m.

KLA20157 Multiple vulnerabilities in Microsoft Office

2023-01-1000:00:00
Kaspersky Lab
threats.kaspersky.com
157

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.6%

JSON

Detect date:

01/10/2023

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, obtain sensitive information.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Visio 2013 Service Pack 1 (32-bit editions)
Microsoft Office LTSC for Mac 2021
Microsoft Visio 2016 (32-bit edition)
Microsoft Visio 2016 (64-bit edition)
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for 32-bit editions
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2019
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Visio 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2019 for Mac
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft SharePoint Enterprise Server 2016

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2023-21737
CVE-2023-21742
CVE-2023-21744
CVE-2023-21734
CVE-2023-21738
CVE-2023-21735
CVE-2023-21743
CVE-2023-21741
CVE-2023-21736

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2023-217377.8Critical
CVE-2023-217428.8Critical
CVE-2023-217448.8Critical
CVE-2023-217347.8Critical
CVE-2023-217387.8Critical
CVE-2023-217357.8Critical
CVE-2023-217435.3High
CVE-2023-217417.1High
CVE-2023-217367.8Critical

KB list:

5002335
5002336
5002329
5002337
5002338
5002332
5002331

Microsoft official advisories:

References

Related

openvas 4
nessus 8
mskb 7
cnvd 7
cve 9
prion 9
mscve 9
zdi 4
malwarebytes 1
krebs 1
rapid7blog 1
qualysblog 1
talosblog 1
thn 1
openvas
openvas
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Jan 2023)
2023-01-11 00:00:00
Microsoft Visio 2013 Multiple Vulnerabilities (KB5002332)
2023-01-11 00:00:00
Microsoft Visio 2016 Multiple Vulnerabilities (KB5002337)
2023-01-11 00:00:00
nessus
nessus
Security Updates for Microsoft Visio Products C2R (January 2023)
2023-01-11 00:00:00
Security Updates for Microsoft Visio Products (January 2023)
2023-01-10 00:00:00
Security Updates for Microsoft SharePoint Server 2016 (January 2023)
2023-01-11 00:00:00
mskb
mskb
Description of the security update for Visio 2013: January 10, 2023 (KB5002332)
2023-01-10 08:00:00
Description of the security update for SharePoint Server Subscription Edition: January 10, 2023 (KB5002331)
2023-01-10 08:00:00
Description of the security update for SharePoint Enterprise Server 2016: January 10, 2023 (KB5002338)
2023-01-10 08:00:00
cnvd
cnvd
Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2023-85904)
2023-01-13 00:00:00
Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2023-18289)
2023-01-13 00:00:00
Microsoft SharePoint Server Security Feature Bypass Vulnerability (CNVD-2023-04532)
2023-01-12 00:00:00
cve
cve
CVE-2023-21735
2023-01-10 22:15:17
CVE-2023-21738
2023-01-10 22:15:17
CVE-2023-21734
2023-01-10 22:15:17
prion
prion
Remote code execution
2023-01-10 22:15:00
Remote code execution
2023-01-10 22:15:00
Remote code execution
2023-01-10 22:15:00
mscve
mscve
Microsoft Office Visio Information Disclosure Vulnerability
2023-01-10 08:00:00
Microsoft Office Visio Remote Code Execution Vulnerability
2023-01-10 08:00:00
Microsoft Office Visio Remote Code Execution Vulnerability
2023-01-10 08:00:00
zdi
zdi
Microsoft Office SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
2023-01-18 00:00:00
Microsoft Office Visio DWG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
2023-01-18 00:00:00
Microsoft Office Visio DXF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
2023-01-18 00:00:00
malwarebytes
malwarebytes
Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability
2023-01-12 04:00:00
krebs
krebs
Microsoft Patch Tuesday, January 2023 Edition
2023-01-10 22:28:55
rapid7blog
rapid7blog
Patch Tuesday - January 2023
2023-01-10 22:32:55
qualysblog
qualysblog
The JanuaryΒ 2023 Patch Tuesday Security Update Review
2023-01-10 21:09:08
talosblog
talosblog
Microsoft Patch Tuesday for January 2023 β€” Snort rules and prominent vulnerabilities
2023-01-10 19:18:00
thn
thn
Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit
2023-01-11 05:32:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.6%

JSON
Related for KLA20157
openvas4nessus8mskb7cnvd7cve9prion9mscve9zdi4malwarebytes1krebs1rapid7blog1qualysblog1talosblog1thn1