9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.924 High
EPSS
Percentile
98.9%
03/14/2023
Critical
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information, gain privileges, execute arbitrary code, cause denial of service.
Public exploits exist for this vulnerability.
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Excel 2016 (64-bit edition)
Microsoft SharePoint Server 2019
Microsoft Office 2019 for 32-bit editions
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2016 (32-bit edition)
Microsoft Office Online Server
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2016 (64-bit edition)
Microsoft Office for Universal
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft SharePoint Server Subscription Edition
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Outlook 2016 (64-bit edition)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office LTSC for Mac 2021
Microsoft SharePoint Enterprise Server 2016
Microsoft Excel 2013 RT Service Pack 1
OneDrive for MacOS Installer
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Excel 2016 (32-bit edition)
Microsoft Office for Android
OneDrive for Android
Microsoft Office 2013 RT Service Pack 1
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Office 2019 for Mac
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update component usually can be accessed from the Control Panel) and updates from the Update Options section, that are listed in your Office Account (Office Account tab usually can be accessed from the File menu)
Install Office updates
CVE-2023-23398
CVE-2023-23391
CVE-2023-24923
CVE-2023-24882
CVE-2023-23397
CVE-2023-24930
CVE-2023-24910
CVE-2023-23395
CVE-2023-23399
CVE-2023-23396
ACE
CVE-2023-249107.8Critical
CVE-2023-233987.1High
CVE-2023-233915.5High
CVE-2023-249235.5High
CVE-2023-248825.5High
CVE-2023-233979.8Critical
CVE-2023-249307.8Critical
CVE-2023-233953.1Warning
CVE-2023-233997.8Critical
CVE-2023-233966.5High
5002254
5002356
5002197
5002358
5002351
5002265
5002367
5002368
5002198
5002355
5002362
5002366
5002168
5002348
support.microsoft.com/kb/5002168
support.microsoft.com/kb/5002197
support.microsoft.com/kb/5002198
support.microsoft.com/kb/5002254
support.microsoft.com/kb/5002265
support.microsoft.com/kb/5002348
support.microsoft.com/kb/5002351
support.microsoft.com/kb/5002355
support.microsoft.com/kb/5002356
support.microsoft.com/kb/5002358
support.microsoft.com/kb/5002362
support.microsoft.com/kb/5002366
support.microsoft.com/kb/5002367
support.microsoft.com/kb/5002368
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23391
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23395
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23396
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23397
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23398
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23399
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24882
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24910
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24923
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24930
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23391
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23395
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23396
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23398
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23399
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24882
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24910
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24923
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24930
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
support.microsoft.com/en-us/office/install-office-updates-2ab296f3-7f03-43a2-8e50-46de917611c5
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Excel/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-Outlook/
threats.kaspersky.com/en/product/Microsoft-SharePoint/
threats.kaspersky.com/en/product/OneDrive/
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.924 High
EPSS
Percentile
98.9%