Lucene search

K
mskbMicrosoftKB3213562
HistorySep 12, 2017 - 7:00 a.m.

Description of the security update for Office Web Apps Server 2013: September 12, 2017

2017-09-1207:00:00
Microsoft
support.microsoft.com
51
remote code execution
service pack 1
excel online
microsoft update catalog
microsoft download center
deployment information
file hash
support
security update.

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.337

Percentile

97.1%

Description of the security update for Office Web Apps Server 2013: September 12, 2017

Summary

This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-8631 and Microsoft Common Vulnerabilities and Exposures CVE-2017-8742.

Note To apply this security update, you must have the release version of Service Pack 1 for Microsoft Office Web Apps Server 2013 installed on the computer.

Improvements and fixes

This security update contains improvements and fixes for the following nonsecurity issue:

  • Improve the translation of the notification message when an operation takes longer than 10 seconds in Excel Online.

How to get and install the update

Method 1: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 2: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

  • Download iconDownload the security update KB3213562 for the 64-bit version of Office Web Apps Server 2013

More Information

Security update deployment information

For deployment information about this update, see security update deployment information: September 12, 2017.

Security update replacement information

This security update doesn’t replace any previously released update.

File hash information

Package Name Package Hash SHA 1 Package Hash SHA 2
wacserver2013-kb3213562-fullfile-x64-glb.exe A56B2443AE7317B2F4E34566B165803D3012C6D8 DDA2938E4216283630AD12033EC6D50842DA30CC1295A17D921C14825D26BC31

File information

For the list of files that cumulative update 3213562 contains, download the file information for update 3213562.

How to get help and support for this security update

Help for installing updates: Windows Update FAQSecurity solutions for IT professionals: Security Support and TroubleshootingHelp for protecting your Windows-based computer from viruses and malware: Microsoft SecureLocal support according to your country: International SupportPropose a feature or provide feedback on SharePoint: SharePoint User Voice portal

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.337

Percentile

97.1%