Lucene search

K
mskbMicrosoftKB4462175
HistoryOct 13, 2020 - 7:00 a.m.

Description of the security update for SharePoint Server 2010 Excel Web App: October 13, 2020

2020-10-1307:00:00
Microsoft
support.microsoft.com
18

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.6%

Description of the security update for SharePoint Server 2010 Excel Web App: October 13, 2020

Summary

This security update resolves a remote code execution vulnerability that exists in Microsoft Excel if the software does not correctly handle objects in memory. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2020-16929.

Note To apply this security update, you must have the release version of Service Pack 2 for SharePoint Server 2010 Office Web Apps installed on the computer.

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More information

Security update deployment information

For deployment information about this update, see security update deployment information: October 13, 2020.

Security update replacement information

This security update replaces previously released security update 3101522.

File hash information

File name SHA1 hash SHA256 hash
xlwac2010-kb4462175-fullfile-x64-glb.exe 65A5ADA714D6FDB620F9265A7E4A624B8EABC1F0 7C2749D46524F9AFA98DD8A31C1C1790075C9A7270D067152758F284B227CC0F

File informationThe English (United States) version of this software update installs files that have the attributes that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

__

For all supported x64-based versions of SharePoint Server 2010 Excel Web App

File identifier File name File version File size Date Time
cuixas.js cuixas.js 263,367 07-Jan-2014 03:02
dynamicgridcontent.asmx dynamicgridcontent.asmx dynamicgridcontent.json 313 12-Feb-2008
ewabrowsercompat.js ewabrowsercompat.js 6,565 05-Nov-2009 11:47
ewachart.png 91,313 08-Dec-2010 04:43
ewacmdui.xml ewacmdui.xml 116,740 08-Dec-2010 08:28
ewainternalwebservice.asmx ewainternalwebservice.asmx ewainternalwebservice.json 322 12-Feb-2008
ewamenu.js ewamenu.js 41,074 13-Aug-2015 02:48
ewamoss.js ewamoss.js 786,371 15-Mar-2017 03:05
ewanewwpctrl.ascx excelwebrenderernewwebpartcontrol.ascx 2,202 15-Jun-2009 01:07
ewaparameterstaskpane.ascx ewaparameterstaskpane.ascx 1,511 28-Sep-2009 09:29
ewareadmodetoolbar.ascx ewareadmodetoolbar.ascx 3,963 08-Dec-2010 08:28
ewastringshandler.ashx ewastringshandler.ashx 317 22-Nov-2012 08:59
ewrdynamicimageprovider.aspx dynamicimageprovider.aspx 433 02-Jun-2009 11:56
ewrdynamicslicerprovider.aspx dynamicslicerprovider.aspx 529 02-Jun-2009 11:56
ewrtreeview.js ewrtreeview.js 19,012 15-Jun-2009 01:08
ewrxlfilehandler.aspx xlfilehandler.aspx 421 02-Jun-2009 11:56
ewrxlviewer.aspx xlviewer.aspx 9,316 08-Dec-2010 08:32
ewrxlviewerinternal.aspx xlviewerinternal.aspx 13,540 08-Dec-2010 08:32
excelservercreateapplication.aspx excelservercreateapplication.aspx 5,364 04-Sep-2009 05:03
excelserversafedataprovider.aspx excelserversafedataprovider.aspx 6,188 20-Sep-2008 08:29
excelserversafedataproviders.aspx excelserversafedataproviders.aspx 5,219 20-Sep-2008 08:29
excelserversettings.aspx excelserversettings.aspx 10,724 21-Apr-2009 11:42
excelservertrusteddcl.aspx excelservertrusteddcl.aspx 5,753 20-Jan-2009 03:23
excelservertrusteddcls.aspx excelservertrusteddcls.aspx 5,196 20-Sep-2008 08:30
excelservertrustedlocation.aspx excelservertrustedlocation.aspx 11,928 04-Sep-2009 05:03
excelservertrustedlocations.aspx excelservertrustedlocations.aspx 5,213 20-Sep-2008 08:30
excelserveruserdefinedfunction.aspx excelserveruserdefinedfunction.aspx 6,048 20-Jan-2009 03:24
excelserveruserdefinedfunctions.aspx excelserveruserdefinedfunctions.aspx 5,229 20-Sep-2008 08:30
excelservicesadmin.aspx excelservicesadmin.aspx 5,861 20-Jan-2009 03:24
excelwebrenderer.ascx excelwebrenderer.ascx 4,877 08-Dec-2010 08:28
inputformexcelserversetting.ascx inputformexcelserversetting.ascx 2,777 21-Feb-2008 11:42
mewadynamicimageprovider.aspx dynamicimageprovider.aspx 433 02-Jun-2009 11:56
microsoft.office.excel.webui.internal.dll microsoft.office.excel.webui.internal.dll 14.0.7006.1000 641,640 22-Nov-2012 09:18
microsoft.office.excel.webui.mobile.dll microsoft.office.excel.webui.mobile.dll 14.0.7160.5000 114,760 16-Sep-2015 12:15
slicerrenderer.ascx slicerrenderercontrol.ascx 7,687 05-Nov-2009 11:44
xlsrv.dll xlsrv.dll 14.0.7261.5000 14,676,128 18-Sep-2020 05:49
xlsrvintl.dll.1033 xlsrvintl.dll 14.0.7261.5000 115,384 15-Sep-2020 11:45

Information about protection and securityProtect yourself online: Windows Security supportLearn how we guard against cyber threats: Microsoft Security

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.6%