Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA20229
HistoryFeb 14, 2023 - 12:00 a.m.

KLA20229 Multiple vulnerabilities in Microsoft Office

2023-02-1400:00:00
Kaspersky Lab
threats.kaspersky.com
68

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.825 High

EPSS

Percentile

98.3%

JSON

Detect date:

02/14/2023

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface, bypass security restrictions.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Microsoft Office for iOS
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft Office Online Server
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office for Universal
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Word 2013 RT Service Pack 1
Microsoft Office 2019 for Mac
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft OneNote for Android
Microsoft Office LTSC for Mac 2021
SharePoint Server Subscription Edition Language Pack
Microsoft Word 2016 (64-bit edition)
Microsoft SharePoint Server 2019
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Office for Android
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft SharePoint Server Subscription Edition
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for 32-bit editions

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2023-21714
CVE-2023-21716
CVE-2023-21721
CVE-2023-21715
CVE-2023-21823
CVE-2023-21717

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2023-218237.8Critical
CVE-2023-217145.5High
CVE-2023-217169.8Critical
CVE-2023-217216.5High
CVE-2023-217157.3High
CVE-2023-217178.8Critical

KB list:

5002323
5002352
5002325
5002347
5002342
5002313
5002330
5002350
5002309
5002312
5002346
5002353
5002316

Microsoft official advisories:

References

Related

nessus 25
mskb 29
talosblog 2
krebs 1
prion 6
cve 6
mssecure 1
mscve 6
cnvd 3
trellix 2
attackerkb 3
cisa_kev 2
thn 1
mmpc 1
avleonov 2
openvas 9
githubexploit 3
malwarebytes 1
qualysblog 1
rapid7blog 1
securelist 1
kaspersky 2
nessus
nessus
Security Updates for Microsoft SharePoint Server 2019 (February 2023)
2023-02-17 00:00:00
Security Updates for Microsoft SharePoint Server 2016 (Language Pack (February 2023))
2023-02-17 00:00:00
Security Updates for Microsoft SharePoint Server 2019 (February 2023)
2023-02-15 00:00:00
mskb
mskb
Description of the security update for SharePoint Server 2019: February 14, 2023 (KB5002342)
2023-02-14 08:00:00
Description of the security update for SharePoint Server 2019 Language Pack: February 14, 2023 (KB5002330)
2023-02-14 08:00:00
Description of the security update for SharePoint Server Subscription Edition: February 14, 2023 (KB5002353)
2023-02-14 08:00:00
talosblog
talosblog
Threat Source newsletter (Feb. 16, 2023) โ€” Recapping what we may have missed so far this year
2023-02-16 19:00:17
Microsoft Patch Tuesday for February 2023 โ€” Snort rules and prominent vulnerabilities
2023-02-14 18:09:22
krebs
krebs
Microsoft Patch Tuesday, February 2023 Edition
2023-02-14 21:01:41
prion
prion
Information disclosure
2023-02-14 20:15:00
Privilege escalation
2023-02-14 20:15:00
Privilege escalation
2023-02-14 20:15:00
cve
cve
CVE-2023-21721
2023-02-14 20:15:14
CVE-2023-21714
2023-02-14 20:15:14
CVE-2023-21823
2023-02-14 21:15:12
mssecure
mssecure
Malware distributor Storm-0324 facilitates ransomware access
2023-09-12 17:00:00
mscve
mscve
Microsoft Office Information Disclosure Vulnerability
2023-02-14 08:00:00
Microsoft OneNote Elevation of Privilege Vulnerability
2023-02-14 08:00:00
Microsoft SharePoint Server Elevation of Privilege Vulnerability
2023-02-14 08:00:00
cnvd
cnvd
Microsoft Office Information Disclosure Vulnerability (CNVD-2023-18285)
2023-02-17 00:00:00
Microsoft SharePoint Server Elevation of Privilege Vulnerability (CNVD-2023-72201)
2023-02-17 00:00:00
Microsoft Word Remote Code Execution Vulnerability (CNVD-2023-14998)
2023-02-17 00:00:00
trellix
trellix
Storm-0324: An access for the RaaS Threat Actor (Sangria Tempest)
2023-10-05 00:00:00
Storm-0324: An access for the RaaS Threat Actor (Sangria Tempest)
2023-10-05 00:00:00
attackerkb
attackerkb
CVE-2023-21715
2023-02-14 00:00:00
CVE-2023-21823
2023-02-14 00:00:00
CVE-2023-21716
2023-02-14 00:00:00
cisa_kev
cisa_kev
Microsoft Office Publisher Security Feature Bypass Vulnerability
2023-02-14 00:00:00
Microsoft Windows Graphic Component Privilege Escalation Vulnerability
2023-02-14 00:00:00
thn
thn
Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities
2023-02-15 04:21:00
mmpc
mmpc
Malware distributor Storm-0324 facilitates ransomware access
2023-09-12 17:00:00
avleonov
avleonov
Microsoft Patch Tuesday February 2023: Win Graphics RCE, Edge RCE, Publisher SFB, CLFS EoP, Exchange RCEs, Word RCE, HoloLens1
2023-02-26 16:37:52
Vulristics News: EPSS v3 Support, Integration into Cloud Advisor
2023-04-23 23:11:58
openvas
openvas
Microsoft Word 2016 Remote Code Execution Vulnerability (KB5002323)
2023-02-15 00:00:00
Microsoft Office Outlook 2019 RCE Vulnerability (Feb 2023) - Mac OS X
2023-02-15 00:00:00
Microsoft Word 2013 Service Pack 1 Remote Code Execution Vulnerability (KB5002316)
2023-02-15 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2023-04-20 11:26:48
Exploit for Vulnerability in Microsoft
2023-03-24 15:58:25
Exploit for Vulnerability in Microsoft
2023-03-07 15:03:43
malwarebytes
malwarebytes
Update now! February's Patch Tuesday tackles three zero-days
2023-02-15 03:00:00
qualysblog
qualysblog
The Februaryย 2023 Patch Tuesday Security Update Review
2023-02-15 00:56:48
rapid7blog
rapid7blog
Patch Tuesday - February 2023
2023-02-15 00:41:59
securelist
securelist
IT threat evolution in Q1 2023. Non-mobile statistics
2023-06-07 08:00:18
kaspersky
kaspersky
KLA20233 Multiple vulnerabilities in Microsoft Windows
2023-02-14 00:00:00
KLA20225 Multiple vulnerabilities in Microsoft Products (ESU)
2023-02-14 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.825 High

EPSS

Percentile

98.3%

JSON
Related for KLA20229
nessus25mskb29talosblog2krebs1prion6cve6mssecure1mscve6cnvd3trellix2attackerkb3cisa_kev2thn1mmpc1avleonov2openvas9githubexploit3malwarebytes1qualysblog1rapid7blog1securelist1kaspersky2