{"mskb": [{"lastseen": "2021-12-31T15:17:11", "description": "None\n## Summary\n\nThis security update resolves a Microsoft Office Graphics remote code execution vulnerability. To learn more about the vulnerability, see [Microsoft Common Vulnerabilities and Exposures CVE-2021-31180](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31180>).\n\n**Note: **To apply this security update, you must have the release version of [Service Pack 1 for Microsoft Office 2013](<https://support.microsoft.com/kb/2817430>) installed on the computer.\n\nBe aware that the update in the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2013. It doesn't apply to the Office 2013 Click-to-Run editions, such as Microsoft Office 365 Home (see [What version of Office am I using?](<https://support.office.com/article/About-Office-What-version-of-Office-am-I-using-932788B8-A3CE-44BF-BB09-E334518B8B19>)). \n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB4464542>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download security update 4464542 for the 32-bit version of Office 2013](<http://www.microsoft.com/download/details.aspx?familyid=0571529b-3806-4486-81ea-955f71db9ac0>)\n * [Download security update 4464542 for the 64-bit version of Office 2013](<http://www.microsoft.com/download/details.aspx?familyid=e55077c4-067a-413d-a9cf-233b7cd9f294>)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see Security update deployment information: May 11, 2021.\n\n### Security update replacement information\n\nThis security update replaces previously released security update [4018387](<https://support.microsoft.com/help/4018387>).\n\n### File hash information\n\nFile name| | SHA256 hash \n---|---|--- \noart2013-kb4464542-fullfile-x86-glb.exe| | 63D849061B02B1F0B5AFFE2793C43144D0C53F3848701D66F5443364F09AEF95 \noart2013-kb4464542-fullfile-x64-glb.exe| | 8EB7F76043185A547B683FB26A2A68B8B1EE72D91C79B9C249C5E58FA179EA37 \n \n### File information\n\nThe English (United States) version of this software update installs files that have the attributes that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.\n\n## \n\n__\n\nFor all supported x86-based versions of Office 2013\n\nFile identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nigx.dll| igx.dll| 15.0.5345.1000| 8984464| 15-Apr-21| 08:18 \noart.dll| oart.dll| 15.0.5345.1000| 14450584| 15-Apr-21| 08:18 \noartodf.dll| oartodf.dll| 15.0.5345.1000| 2132376| 15-Apr-21| 08:18 \n \n## \n\n__\n\nFor all supported x64-based versions of Office 2013\n\nFile identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nigx.dll| igx.dll| 15.0.5345.1000| 10364320| 15-Apr-21| 08:18 \nxlsrv.ecs.igx.dll| igx.dll| 15.0.5345.1000| 10364320| 15-Apr-21| 08:18 \noart.dll| oart.dll| 15.0.5345.1000| 21241248| 15-Apr-21| 08:18 \nxlsrv.ecs.oart.dll| oart.dll| 15.0.5345.1000| 21241248| 15-Apr-21| 08:18 \noartodf.dll| oartodf.dll| 15.0.5345.1000| 3776920| 15-Apr-21| 08:18 \nxlsrv.ecs.oartodf.dll| oartodf.dll| 15.0.5345.1000| 3776920| 15-Apr-21| 08:18 \n \n## Information about protection and security\n\nProtect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151>)Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-11T07:00:00", "type": "mskb", "title": "Description of the security update for Office 2013: May 11, 2021 (KB4464542)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31180"], "modified": "2021-05-11T07:00:00", "id": "KB4464542", "href": "https://support.microsoft.com/en-us/help/4464542", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T14:44:10", "description": "None\n## Summary\n\nThis security update resolves a Microsoft Office Graphics remote code execution vulnerability. To learn more about the vulnerability, see [Microsoft Common Vulnerabilities and Exposures CVE-2021-31180](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31180>).\n\n**Note: **To apply this security update, you must have the release version of Microsoft Office 2016 installed on the computer.\n\nBe aware that the update in the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2016. It doesn't apply to the Office 2016 Click-to-Run editions, such as Microsoft Office 365 Home (see [What version of Office am I using?](<https://support.office.com/article/About-Office-What-version-of-Office-am-I-using-932788B8-A3CE-44BF-BB09-E334518B8B19>)). \n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB5001919>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download security update 5001919 for the 32-bit version of Word 2016](<http://www.microsoft.com/download/details.aspx?familyid=e6e8830f-bdff-42bb-811e-5958063d3deb>)\n * [Download security update 5001919 for the 64-bit version of Word 2016](<http://www.microsoft.com/download/details.aspx?familyid=6f4cd907-b2c5-40be-82b6-4daa9e8ad98b>)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see Security update deployment information: May 11, 2021.\n\n### Security update replacement information\n\nThis security update replaces previously released security update [4493198](<https://support.microsoft.com/kb/4493198>).\n\n### File hash information\n\nFile name| | SHA256 hash \n---|---|--- \nword2016-kb5001919-fullfile-x86-glb.exe| | 4E6559EC3C8AA723D341700656C4C3B1A2615CE389C4F5D6492EC1DC9C83D901 \nword2016-kb5001919-fullfile-x64-glb.exe| | 3B53E8C0EA4E2969433A5FD1B7A88FE30673DE33AA59A52D9DACF0F07CDFFD26 \n \n### File information\n\nThe English (United States) version of this software update installs files that have the attributes that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.\n\n## \n\n__\n\nFor all supported x86-based versions of Word 2016\n\nFile identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \ngenko.dll| genko.dll| 16.0.5032.1000| 402264| 14-Apr-21| 10:08 \nwwintl.dll_1025| wwintl.dll| 16.0.4936.1000| 823584| 15-Apr-21| 03:13 \nwwintl.dll_1026| wwintl.dll| 16.0.4936.1000| 820504| 15-Apr-21| 03:14 \nwwintl.dll_1029| wwintl.dll| 16.0.4936.1000| 876320| 15-Apr-21| 03:14 \nwwintl.dll_1030| wwintl.dll| 16.0.4936.1000| 807712| 15-Apr-21| 03:14 \nwwintl.dll_1031| wwintl.dll| 16.0.4936.1000| 888088| 15-Apr-21| 03:14 \nwwintl.dll_1032| wwintl.dll| 16.0.4936.1000| 877856| 15-Apr-21| 03:14 \nwwintl.dll_3082| wwintl.dll| 16.0.4936.1000| 847648| 15-Apr-21| 03:14 \nwwintl.dll_1061| wwintl.dll| 16.0.4936.1000| 770840| 15-Apr-21| 03:14 \nwwintl.dll_1035| wwintl.dll| 16.0.4936.1000| 818464| 15-Apr-21| 03:14 \nwwintl.dll_1036| wwintl.dll| 16.0.4936.1000| 883992| 15-Apr-21| 03:14 \nwwintl.dll_1037| wwintl.dll| 16.0.4936.1000| 762144| 15-Apr-21| 03:14 \nwwintl.dll_1081| wwintl.dll| 16.0.4936.1000| 865056| 15-Apr-21| 03:14 \nwwintl.dll_1050| wwintl.dll| 16.0.4936.1000| 830744| 15-Apr-21| 03:14 \nwwintl.dll_1038| wwintl.dll| 16.0.4936.1000| 886560| 15-Apr-21| 03:14 \nwwintl.dll_1057| wwintl.dll| 16.0.4936.1000| 779040| 15-Apr-21| 03:14 \nwwintl.dll_1040| wwintl.dll| 16.0.4936.1000| 838424| 15-Apr-21| 03:14 \nwwintl.dll_1041| wwintl.dll| 16.0.4936.1000| 790304| 15-Apr-21| 03:13 \nwwintl.dll_1087| wwintl.dll| 16.0.4936.1000| 880408| 15-Apr-21| 03:14 \nwwintl.dll_1042| wwintl.dll| 16.0.4936.1000| 783136| 15-Apr-21| 03:14 \nwwintl.dll_1063| wwintl.dll| 16.0.4936.1000| 836896| 15-Apr-21| 03:14 \nwwintl.dll_1062| wwintl.dll| 16.0.4936.1000| 824608| 15-Apr-21| 03:14 \nwwintl.dll_1086| wwintl.dll| 16.0.4936.1000| 782616| 15-Apr-21| 03:14 \nwwintl.dll_1044| wwintl.dll| 16.0.4936.1000| 797168| 15-Apr-21| 03:14 \nwwintl.dll_1043| wwintl.dll| 16.0.4936.1000| 835872| 15-Apr-21| 03:14 \nwwintl.dll_1045| wwintl.dll| 16.0.4936.1000| 852256| 15-Apr-21| 03:14 \nwwintl.dll_1046| wwintl.dll| 16.0.4936.1000| 853280| 15-Apr-21| 03:14 \nwwintl.dll_2070| wwintl.dll| 16.0.4936.1000| 861464| 15-Apr-21| 03:14 \nwwintl.dll_1048| wwintl.dll| 16.0.4936.1000| 896280| 15-Apr-21| 03:14 \nwwintl.dll_1049| wwintl.dll| 16.0.4936.1000| 809968| 15-Apr-21| 03:14 \nwwintl.dll_1051| wwintl.dll| 16.0.4936.1000| 891160| 15-Apr-21| 03:14 \nwwintl.dll_1060| wwintl.dll| 16.0.4936.1000| 821768| 15-Apr-21| 03:14 \nwwintl.dll_2074| wwintl.dll| 16.0.4936.1000| 817944| 15-Apr-21| 03:14 \nwwintl.dll_9242| wwintl.dll| 16.0.4936.1000| 817952| 15-Apr-21| 03:14 \nwwintl.dll_1053| wwintl.dll| 16.0.4936.1000| 803616| 15-Apr-21| 03:14 \nwwintl.dll_1054| wwintl.dll| 16.0.4936.1000| 825112| 15-Apr-21| 03:14 \nwwintl.dll_1055| wwintl.dll| 16.0.4936.1000| 881952| 15-Apr-21| 03:14 \nwwintl.dll_1058| wwintl.dll| 16.0.4936.1000| 820000| 15-Apr-21| 03:14 \nwwintl.dll_1066| wwintl.dll| 16.0.4936.1000| 912672| 15-Apr-21| 03:14 \nwwintl.dll_2052| wwintl.dll| 16.0.4936.1000| 697120| 15-Apr-21| 03:14 \nwwintl.dll_1028| wwintl.dll| 16.0.4936.1000| 706240| 15-Apr-21| 03:14 \njrpcard20.dll_1041| jrpcard20.dll| 16.0.4834.1000| 330960| 14-Apr-21| 10:08 \npdfreflow.exe| pdfreflow.exe| 16.0.5140.1000| 10306344| 14-Apr-21| 10:06 \nwwintl.dll_1033| wwintl.dll| 16.0.4936.1000| 701152| 14-Apr-21| 10:05 \nmsword.olb| msword.olb| | 939304| 14-Apr-21| 10:06 \nwinword.exe| winword.exe| 16.0.5161.1000| 1937744| 15-Apr-21| 03:19 \nwrd12cnv.dll| wordcnv.dll| 16.0.5161.1000| 9183536| 15-Apr-21| 03:19 \nwwlib.dll| wwlib.dll| 16.0.5161.1000| 29627696| 15-Apr-21| 03:19 \n \n## \n\n__\n\nFor all supported x64-based versions of Word 2016\n\nFile identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \ncalligra.dll| calligra.dll| 16.0.4528.1000| 338688| 15-Apr-21| 03:35 \ngenko.dll| genko.dll| 16.0.5032.1000| 513368| 14-Apr-21| 10:15 \nwdsrv.conversion.word.wwintl.dll_1025| wwintl.dll| 16.0.5161.1000| 944408| 15-Apr-21| 03:20 \nwwintl.dll_1025| wwintl.dll| 16.0.5161.1000| 944408| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1026| wwintl.dll| 16.0.5161.1000| 899384| 15-Apr-21| 03:20 \nwwintl.dll_1026| wwintl.dll| 16.0.5161.1000| 899384| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1029| wwintl.dll| 16.0.5161.1000| 955704| 15-Apr-21| 03:20 \nwwintl.dll_1029| wwintl.dll| 16.0.5161.1000| 955704| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1030| wwintl.dll| 16.0.5161.1000| 886560| 15-Apr-21| 03:20 \nwwintl.dll_1030| wwintl.dll| 16.0.5161.1000| 886560| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1031| wwintl.dll| 16.0.5161.1000| 966952| 15-Apr-21| 03:20 \nwwintl.dll_1031| wwintl.dll| 16.0.5161.1000| 966952| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1032| wwintl.dll| 16.0.5161.1000| 956696| 15-Apr-21| 03:20 \nwwintl.dll_1032| wwintl.dll| 16.0.5161.1000| 956696| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_3082| wwintl.dll| 16.0.5161.1000| 926504| 15-Apr-21| 03:20 \nwwintl.dll_3082| wwintl.dll| 16.0.5161.1000| 926504| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1061| wwintl.dll| 16.0.5161.1000| 849688| 15-Apr-21| 03:20 \nwwintl.dll_1061| wwintl.dll| 16.0.5161.1000| 849688| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1035| wwintl.dll| 16.0.5161.1000| 897312| 15-Apr-21| 03:20 \nwwintl.dll_1035| wwintl.dll| 16.0.5161.1000| 897312| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1036| wwintl.dll| 16.0.5161.1000| 962872| 15-Apr-21| 03:20 \nwwintl.dll_1036| wwintl.dll| 16.0.5161.1000| 962872| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1037| wwintl.dll| 16.0.5161.1000| 882968| 15-Apr-21| 03:20 \nwwintl.dll_1037| wwintl.dll| 16.0.5161.1000| 882968| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1081| wwintl.dll| 16.0.5161.1000| 944432| 15-Apr-21| 03:20 \nwwintl.dll_1081| wwintl.dll| 16.0.5161.1000| 944432| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1050| wwintl.dll| 16.0.5161.1000| 909592| 15-Apr-21| 03:20 \nwwintl.dll_1050| wwintl.dll| 16.0.5161.1000| 909592| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1038| wwintl.dll| 16.0.5161.1000| 965400| 15-Apr-21| 03:20 \nwwintl.dll_1038| wwintl.dll| 16.0.5161.1000| 965400| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1057| wwintl.dll| 16.0.5161.1000| 857880| 15-Apr-21| 03:20 \nwwintl.dll_1057| wwintl.dll| 16.0.5161.1000| 857880| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1040| wwintl.dll| 16.0.5161.1000| 917288| 15-Apr-21| 03:20 \nwwintl.dll_1040| wwintl.dll| 16.0.5161.1000| 917288| 15-Apr-21| 03:20 \nwac.word.wwintl.dll_1041| wwintl.dll| 16.0.5161.1000| 869144| | \nwdsrv.conversion.word.wwintl.dll_1041| wwintl.dll| 16.0.5161.1000| 869144| 15-Apr-21| 03:20 \nwwintl.dll_1041| wwintl.dll| 16.0.5161.1000| 869144| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1087| wwintl.dll| 16.0.5161.1000| 959776| 15-Apr-21| 03:20 \nwwintl.dll_1087| wwintl.dll| 16.0.5161.1000| 959776| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1042| wwintl.dll| 16.0.5161.1000| 862504| 15-Apr-21| 03:20 \nwwintl.dll_1042| wwintl.dll| 16.0.5161.1000| 862504| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1063| wwintl.dll| 16.0.5161.1000| 916288| 15-Apr-21| 03:20 \nwwintl.dll_1063| wwintl.dll| 16.0.5161.1000| 916288| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1062| wwintl.dll| 16.0.5161.1000| 903448| 15-Apr-21| 03:20 \nwwintl.dll_1062| wwintl.dll| 16.0.5161.1000| 903448| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1086| wwintl.dll| 16.0.5161.1000| 861984| 15-Apr-21| 03:20 \nwwintl.dll_1086| wwintl.dll| 16.0.5161.1000| 861984| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1044| wwintl.dll| 16.0.5161.1000| 875800| 15-Apr-21| 03:20 \nwwintl.dll_1044| wwintl.dll| 16.0.5161.1000| 875800| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1043| wwintl.dll| 16.0.5161.1000| 915248| 15-Apr-21| 03:20 \nwwintl.dll_1043| wwintl.dll| 16.0.5161.1000| 915248| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1045| wwintl.dll| 16.0.5161.1000| 931624| 15-Apr-21| 03:20 \nwwintl.dll_1045| wwintl.dll| 16.0.5161.1000| 931624| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_1046| wwintl.dll| 16.0.5161.1000| 932632| 15-Apr-21| 03:20 \nwwintl.dll_1046| wwintl.dll| 16.0.5161.1000| 932632| 15-Apr-21| 03:20 \nwdsrv.conversion.word.wwintl.dll_2070| wwintl.dll| 16.0.5161.1000| 940312| 15-Apr-21| 03:21 \nwwintl.dll_2070| wwintl.dll| 16.0.5161.1000| 940312| 15-Apr-21| 03:21 \nwdsrv.conversion.word.wwintl.dll_1048| wwintl.dll| 16.0.5161.1000| 975640| 15-Apr-21| 03:21 \nwwintl.dll_1048| wwintl.dll| 16.0.5161.1000| 975640| 15-Apr-21| 03:21 \nwdsrv.conversion.word.wwintl.dll_1049| wwintl.dll| 16.0.5161.1000| 888656| 15-Apr-21| 03:21 \nwwintl.dll_1049| wwintl.dll| 16.0.5161.1000| 888656| 15-Apr-21| 03:21 \nwdsrv.conversion.word.wwintl.dll_1051| wwintl.dll| 16.0.5161.1000| 970520| 15-Apr-21| 03:21 \nwwintl.dll_1051| wwintl.dll| 16.0.5161.1000| 970520| 15-Apr-21| 03:21 \nwdsrv.conversion.word.wwintl.dll_1060| wwintl.dll| 16.0.5161.1000| 900376| 15-Apr-21| 03:21 \nwwintl.dll_1060| wwintl.dll| 16.0.5161.1000| 900376| 15-Apr-21| 03:21 \nwdsrv.conversion.word.wwintl.dll_2074| wwintl.dll| 16.0.5161.1000| 896824| 15-Apr-21| 03:21 \nwwintl.dll_2074| wwintl.dll| 16.0.5161.1000| 896824| 15-Apr-21| 03:21 \nwac.word.wwintl.dll_9242| wwintl.dll| 16.0.5161.1000| 896800| | \nwdsrv.conversion.word.wwintl.dll_9242| wwintl.dll| 16.0.5161.1000| 896800| 15-Apr-21| 03:21 \nwwintl.dll_9242| wwintl.dll| 16.0.5161.1000| 896800| 15-Apr-21| 03:21 \nwdsrv.conversion.word.wwintl.dll_1053| wwintl.dll| 16.0.5161.1000| 882504| 15-Apr-21| 03:21 \nwwintl.dll_1053| wwintl.dll| 16.0.5161.1000| 882504| 15-Apr-21| 03:21 \nwdsrv.conversion.word.wwintl.dll_1054| wwintl.dll| 16.0.5161.1000| 903992| 15-Apr-21| 03:21 \nwwintl.dll_1054| wwintl.dll| 16.0.5161.1000| 903992| 15-Apr-21| 03:21 \nwdsrv.conversion.word.wwintl.dll_1055| wwintl.dll| 16.0.5161.1000| 960816| 15-Apr-21| 03:21 \nwwintl.dll_1055| wwintl.dll| 16.0.5161.1000| 960816| 15-Apr-21| 03:21 \nwdsrv.conversion.word.wwintl.dll_1058| wwintl.dll| 16.0.5161.1000| 898880| 15-Apr-21| 03:21 \nwwintl.dll_1058| wwintl.dll| 16.0.5161.1000| 898880| 15-Apr-21| 03:21 \nwdsrv.conversion.word.wwintl.dll_1066| wwintl.dll| 16.0.5161.1000| 992064| 15-Apr-21| 03:21 \nwwintl.dll_1066| wwintl.dll| 16.0.5161.1000| 992064| 15-Apr-21| 03:21 \nwdsrv.conversion.word.wwintl.dll_2052| wwintl.dll| 16.0.5161.1000| 775992| 15-Apr-21| 03:21 \nwwintl.dll_2052| wwintl.dll| 16.0.5161.1000| 775992| 15-Apr-21| 03:21 \nwdsrv.conversion.word.wwintl.dll_1028| wwintl.dll| 16.0.5161.1000| 784664| 15-Apr-21| 03:21 \nwwintl.dll_1028| wwintl.dll| 16.0.5161.1000| 784664| 15-Apr-21| 03:21 \njrpcard20.dll_1041| jrpcard20.dll| 16.0.4834.1000| 331168| 14-Apr-21| 10:15 \npdfreflow.exe| pdfreflow.exe| 16.0.5140.1000| 15919968| 14-Apr-21| 10:13 \nwac.word.wwintl.dll_1033| wwintl.dll| 16.0.4936.1000| 780488| | \nwdsrv.conversion.word.wwintl.dll_1033| wwintl.dll| 16.0.4936.1000| 780488| 14-Apr-21| 10:09 \nwwintl.dll_1033| wwintl.dll| 16.0.4936.1000| 780488| 14-Apr-21| 10:09 \nmsword.olb| msword.olb| | 939304| 14-Apr-21| 10:13 \nwinword.exe| winword.exe| 16.0.5161.1000| 1940760| 15-Apr-21| 03:23 \nwrd12cnv.dll| wordcnv.dll| 16.0.5161.1000| 11890472| 15-Apr-21| 03:23 \nwwlib.dll| wwlib.dll| 16.0.5161.1000| 37253400| 15-Apr-21| 03:23 \n \n## Information about protection and security\n\nProtect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151>)Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-11T07:00:00", "type": "mskb", "title": "Description of the security update for Word 2016: May 11, 2021 (KB5001919)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31180"], "modified": "2021-05-11T07:00:00", "id": "KB5001919", "href": "https://support.microsoft.com/en-us/help/5001919", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2022-06-14T17:16:51", "description": "The Microsoft Word Products are missing a security update.\nIt is, therefore, affected by the following vulnerability:\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-31180)", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2022-06-10T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Word Products C2R (May 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31180"], "modified": "2022-06-10T00:00:00", "cpe": ["cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:*"], "id": "SMB_NT_MS21_MAY_WORD_C2R.NASL", "href": "https://www.tenable.com/plugins/nessus/162122", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162122);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/10\");\n\n script_cve_id(\"CVE-2021-31180\");\n script_xref(name:\"IAVA\", value:\"2021-A-0226-S\");\n\n script_name(english:\"Security Updates for Microsoft Word Products C2R (May 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Word Products are missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Word Products are missing a security update.\nIt is, therefore, affected by the following vulnerability:\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-31180)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd4508ff\");\n script_set_attribute(attribute:\"solution\", value:\n\"For Office 365, Office 2016 C2R, or Office 2019, ensure automatic\nupdates are enabled or open any office app and manually perform an\nupdate.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31180\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:word\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('vcf_extras_office.inc');\n\nvar bulletin = 'MS21-05';\n\nvar constraints = [\n {'fixed_version':'16.0.13127.21624','channel': 'Deferred','channel_version': '2008'},\n {'fixed_version':'16.0.12527.21912','channel': 'Deferred'},\n {'fixed_version':'16.0.13901.20516','channel': 'Enterprise Deferred','channel_version': '2103'},\n {'fixed_version':'16.0.13801.20638','channel': 'Enterprise Deferred'},\n {'fixed_version':'16.0.13801.20638','channel': 'First Release for Deferred'},\n {'fixed_version':'16.0.13929.20372','channel': 'Current'},\n {'fixed_version':'16.0.10374.20040','channel': '2019 Volume'},\n {'fixed_version':'16.0.13929.20372','channel': '2019 Retail'}\n];\n\nvcf::microsoft::office_product::check_version_and_report(\n constraints:constraints,\n severity:SECURITY_WARNING,\n bulletin:bulletin,\n subproduct:'Word'\n);", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-11T16:48:50", "description": "The Microsoft Word Products are missing a security update.\nIt is, therefore, affected by the following vulnerability:\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-31180)", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-05-11T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Word Products (May 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31180"], "modified": "2022-06-10T00:00:00", "cpe": ["cpe:/a:microsoft:word"], "id": "SMB_NT_MS21_MAY_WORD.NASL", "href": "https://www.tenable.com/plugins/nessus/149399", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149399);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/10\");\n\n script_cve_id(\"CVE-2021-31180\");\n script_xref(name:\"MSKB\", value:\"5001919\");\n script_xref(name:\"MSKB\", value:\"5001931\");\n script_xref(name:\"MSFT\", value:\"MS21-5001919\");\n script_xref(name:\"IAVA\", value:\"2021-A-0226-S\");\n script_xref(name:\"MSFT\", value:\"MS21-5001931\");\n\n script_name(english:\"Security Updates for Microsoft Word Products (May 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Word Products are missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Word Products are missing a security update.\nIt is, therefore, affected by the following vulnerability:\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-31180)\");\n # https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-word-2013-may-11-2021-kb5001931-b57d12c6-8413-44a7-8474-11c6c3265340\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7dbdb2a7\");\n # https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-word-2016-may-11-2021-kb5001919-273a8567-13cc-47ad-8346-3f077b73a2de\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6c507177\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB5001919\n -KB5001931\n\nFor Office 365, Office 2016 C2R, or Office 2019, ensure automatic\nupdates are enabled or open any office app and manually perform an\nupdate.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31180\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:word\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-05';\nvar kbs = make_list(\n '5001919',\n '5001931'\n);\n\nif (get_kb_item('Host/patch_management_checks'))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1);\n\nvar port = kb_smb_transport();\n\nvar checks = make_array(\n '15.0', make_array('sp', 1, 'version', '15.0.5345.1000', 'kb', '5001931'),\n '16.0', make_nested_list(\n make_array('sp', 0, 'version', '16.0.5161.1000', 'channel', 'MSI', 'kb', '5001919')\n )\n);\n\nif (hotfix_check_office_product(product:'Word', checks:checks, bulletin:bulletin))\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-11T16:48:51", "description": "The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-28455, CVE-2021-31175, CVE-2021-31176, CVE-2021-31177, CVE-2021-31179, CVE-2021-31180)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-31174, CVE-2021-31178)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-05-11T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Office Products (May 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28455", "CVE-2021-31174", "CVE-2021-31175", "CVE-2021-31176", "CVE-2021-31177", "CVE-2021-31178", "CVE-2021-31179", "CVE-2021-31180"], "modified": "2022-06-10T00:00:00", "cpe": ["cpe:/a:microsoft:office"], "id": "SMB_NT_MS21_MAY_OFFICE.NASL", "href": "https://www.tenable.com/plugins/nessus/149401", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149401);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/10\");\n\n script_cve_id(\n \"CVE-2021-28455\",\n \"CVE-2021-31174\",\n \"CVE-2021-31175\",\n \"CVE-2021-31176\",\n \"CVE-2021-31178\",\n \"CVE-2021-31179\",\n \"CVE-2021-31180\"\n );\n script_xref(name:\"MSKB\", value:\"4464542\");\n script_xref(name:\"MSKB\", value:\"4493197\");\n script_xref(name:\"MSKB\", value:\"4493206\");\n script_xref(name:\"MSKB\", value:\"5001920\");\n script_xref(name:\"MSKB\", value:\"5001923\");\n script_xref(name:\"MSKB\", value:\"5001925\");\n script_xref(name:\"MSKB\", value:\"5001927\");\n script_xref(name:\"MSFT\", value:\"MS21-4464542\");\n script_xref(name:\"MSFT\", value:\"MS21-4493206\");\n script_xref(name:\"MSFT\", value:\"MS21-4493197\");\n script_xref(name:\"MSFT\", value:\"MS21-5001920\");\n script_xref(name:\"MSFT\", value:\"MS21-5001923\");\n script_xref(name:\"MSFT\", value:\"MS21-5001925\");\n script_xref(name:\"MSFT\", value:\"MS21-5001927\");\n script_xref(name:\"IAVA\", value:\"2021-A-0225-S\");\n\n script_name(english:\"Security Updates for Microsoft Office Products (May 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-28455, CVE-2021-31175, CVE-2021-31176, CVE-2021-31177,\n CVE-2021-31179, CVE-2021-31180)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive\n information. (CVE-2021-31174, CVE-2021-31178)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4464542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4493197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4493206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001920\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001927\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address these issues: \n -KB4464542\n -KB4493206\n -KB4493197\n -KB5001920\n -KB5001923\n -KB5001925\n -KB5001927\n \nFor Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and\nmanually perform an update.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31180\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-28455\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-05';\nvar kbs = make_list(\n '4464542',\n '4493197',\n '4493206',\n '5001920',\n '5001923',\n '5001925',\n '5001927'\n);\n\nif (get_kb_item('Host/patch_management_checks'))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1);\n\nvar vuln = FALSE;\nvar port = kb_smb_transport();\n\nvar office_vers = hotfix_check_office_version();\nvar office_sp, prod, path, kb, file, version;\n\n# Office 2013 SP1\nif (office_vers['15.0'])\n{\n office_sp = get_kb_item('SMB/Office/2013/SP');\n if (!isnull(office_sp) && office_sp == 1)\n {\n prod = 'Microsoft Office 2013 SP1';\n\n path = hotfix_get_officecommonfilesdir(officever:'15.0');\n path = hotfix_append_path(path:path, value:'Microsoft Shared\\\\Office15');\n kb = '5001925';\n file = 'mso.dll';\n version = '15.0.5345.1002';\n if (hotfix_check_fversion(file:file, version:version, path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER )\n vuln = TRUE;\n\n path = hotfix_get_officeprogramfilesdir(officever:'15.0');\n path = hotfix_append_path(path:path, value:'Microsoft Office\\\\Office15');\n kb = '5001927';\n file = 'graph.exe';\n version = '15.0.5345.1000';\n if (hotfix_check_fversion(file:file, version:version, path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER )\n vuln = TRUE;\n\n path = hotfix_get_officecommonfilesdir(officever:'15.0');\n path = hotfix_append_path(path:path, value:'Microsoft Shared\\\\Office15');\n kb = '4493206';\n file = 'acecore.dll';\n version = '15.0.5345.1001';\n if (hotfix_check_fversion(file:file, version:version, path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER )\n vuln = TRUE;\n\n path = hotfix_get_officeprogramfilesdir(officever:'15.0');\n path = hotfix_append_path(path:path, value:'Microsoft Office\\\\Office15');\n kb = '4464542';\n file = 'oart.dll';\n version = '15.0.5345.1000';\n if (hotfix_check_fversion(file:file, version:version, path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER )\n vuln = TRUE;\n }\n}\n\n# Office 2016\nif (office_vers['16.0'])\n{\n office_sp = get_kb_item('SMB/Office/2016/SP');\n if (!isnull(office_sp) && office_sp == 0)\n {\n prod = 'Microsoft Office 2016';\n \n # MSI graph.exe\n path = hotfix_get_officeprogramfilesdir(officever:'16.0');\n path = hotfix_append_path(path:path, value:'Microsoft Office\\\\Office16');\n if (hotfix_check_fversion(file:'graph.exe', version:'16.0.5161.1000', channel:'MSI', channel_product:'Office', path:path, kb:'5001923', bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n \n # MSI mso.dll\n path = hotfix_get_officecommonfilesdir(officever:'16.0');\n path = hotfix_append_path(path:path, value:'Microsoft Shared\\\\Office16');\n if (hotfix_check_fversion(file:'mso.dll', version:'16.0.5161.1002', channel:'MSI', channel_product:'Office', path:path, kb:'5001920', bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n \n # MSI acecore.dll\n path = hotfix_get_officecommonfilesdir(officever:'16.0');\n path = hotfix_append_path(path:path, value:'Microsoft Shared\\\\Office16');\n if (hotfix_check_fversion(file:'acecore.dll', version:'16.0.5161.1001', channel:'MSI', channel_product:'Office', path:path, kb:'4493197', bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-14T17:15:45", "description": "The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-28455, CVE-2021-31175, CVE-2021-31176, CVE-2021-31177, CVE-2021-31179, CVE-2021-31180)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-31174, CVE-2021-31178)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-06-10T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Office Products C2R (May 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28455", "CVE-2021-31174", "CVE-2021-31175", "CVE-2021-31176", "CVE-2021-31177", "CVE-2021-31178", "CVE-2021-31179", "CVE-2021-31180"], "modified": "2022-06-10T00:00:00", "cpe": ["cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*"], "id": "SMB_NT_MS21_MAY_OFFICE_C2R.NASL", "href": "https://www.tenable.com/plugins/nessus/162095", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162095);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/10\");\n\n script_cve_id(\n \"CVE-2021-28455\",\n \"CVE-2021-31174\",\n \"CVE-2021-31175\",\n \"CVE-2021-31176\",\n \"CVE-2021-31178\",\n \"CVE-2021-31179\",\n \"CVE-2021-31180\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0225-S\");\n\n script_name(english:\"Security Updates for Microsoft Office Products C2R (May 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-28455, CVE-2021-31175, CVE-2021-31176, CVE-2021-31177,\n CVE-2021-31179, CVE-2021-31180)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive\n information. (CVE-2021-31174, CVE-2021-31178)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd4508ff\");\n script_set_attribute(attribute:\"solution\", value:\n\"For Office 365, Office 2016 C2R, or Office 2019, ensure automatic\nupdates are enabled or open any office app and manually perform an\nupdate.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31180\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-28455\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('vcf_extras_office.inc');\n\nvar bulletin = 'MS21-05';\n\nvar app_info = vcf::microsoft::office::get_app_info(app:'Microsoft Office');\n\nvar constraints = [\n \n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.13127.21624','channel': 'Deferred','channel_version': '2008'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.12527.21912','channel': 'Deferred'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.13901.20516','channel': 'Enterprise Deferred','channel_version': '2103'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.13801.20638','channel': 'Enterprise Deferred'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.13801.20638','channel': 'First Release for Deferred'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.13929.20372','channel': 'Current'},\n {'product':'Microsoft Office 2019','file':'graph.exe','fixed_version':'16.0.13929.20372','channel': '2019 Retail'},\n {'product':'Microsoft Office 2019','file':'graph.exe','fixed_version':'16.0.10374.20040','channel': '2019 Volume'}\n];\n\nvcf::microsoft::office::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING,\n bulletin:bulletin,\n subproduct:'Office'\n);", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T17:59:08", "description": "Microsoft Office Graphics Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-11T19:15:00", "type": "cve", "title": "CVE-2021-31180", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31180"], "modified": "2021-05-18T13:33:00", "cpe": ["cpe:/a:microsoft:word:2013", "cpe:/a:microsoft:word:2016", "cpe:/a:microsoft:office:2013", "cpe:/a:microsoft:office:2019", "cpe:/a:microsoft:365_apps:-"], "id": "CVE-2021-31180", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31180", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*"]}], "mscve": [{"lastseen": "2021-12-06T18:21:05", "description": "Microsoft Office Graphics Remote Code Execution Vulnerability \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-11T07:00:00", "type": "mscve", "title": "Microsoft Office Graphics Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31180"], "modified": "2021-05-11T07:00:00", "id": "MS:CVE-2021-31180", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31180", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2021-08-18T10:56:25", "description": "### *Detect date*:\n05/11/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information.\n\n### *Affected products*:\nMicrosoft Office Online Server \nMicrosoft SharePoint Enterprise Server 2016 \nMicrosoft Office Web Apps Server 2013 Service Pack 1 \nMicrosoft Office 2013 Service Pack 1 (32-bit editions) \nMicrosoft Excel 2013 Service Pack 1 (32-bit editions) \nMicrosoft Office 2016 (64-bit edition) \nMicrosoft Office 2016 (32-bit edition) \nMicrosoft Office 2013 RT Service Pack 1 \nMicrosoft Word 2016 (64-bit edition) \nMicrosoft Excel 2013 Service Pack 1 (64-bit editions) \nMicrosoft Word 2013 RT Service Pack 1 \nSkype for Business Server 2015 CU11 \nMicrosoft Office 2019 for 32-bit editions \nMicrosoft Excel 2016 (64-bit edition) \nMicrosoft Word 2013 Service Pack 1 (64-bit editions) \nMicrosoft SharePoint Foundation 2013 Service Pack 1 \nSkype for Business Server 2019 CU5 \nMicrosoft Office 2019 for Mac \nMicrosoft Excel 2013 RT Service Pack 1 \nMicrosoft Word 2016 (32-bit edition) \nMicrosoft Office 2019 for 64-bit editions \nMicrosoft 365 Apps for Enterprise for 32-bit Systems \nMicrosoft Lync Server 2013 CU10 \nMicrosoft Excel 2016 (32-bit edition) \nMicrosoft SharePoint Server 2019 \nMicrosoft Office 2013 Service Pack 1 (64-bit editions) \nMicrosoft 365 Apps for Enterprise for 64-bit Systems \nMicrosoft Word 2013 Service Pack 1 (32-bit editions)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-31181](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31181>) \n[CVE-2021-26421](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-26421>) \n[CVE-2021-26422](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-26422>) \n[CVE-2021-31178](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31178>) \n[CVE-2021-28455](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28455>) \n[CVE-2021-26418](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-26418>) \n[CVE-2021-31179](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31179>) \n[CVE-2021-31180](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31180>) \n[CVE-2021-28478](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28478>) \n[CVE-2021-28474](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28474>) \n[CVE-2021-31172](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31172>) \n[CVE-2021-31177](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31177>) \n[CVE-2021-31173](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31173>) \n[CVE-2021-31176](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31176>) \n[CVE-2021-31174](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31174>) \n[CVE-2021-31175](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31175>) \n[CVE-2021-31171](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31171>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Lync](<https://threats.kaspersky.com/en/product/Microsoft-Lync/>)\n\n### *CVE-IDS*:\n[CVE-2021-28455](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28455>)5.0Critical \n[CVE-2021-31181](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31181>)6.5High \n[CVE-2021-26421](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26421>)5.0Critical \n[CVE-2021-26422](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26422>)5.0Critical \n[CVE-2021-31178](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31178>)5.0Critical \n[CVE-2021-26418](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26418>)5.0Critical \n[CVE-2021-31179](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31179>)5.0Critical \n[CVE-2021-31180](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31180>)5.0Critical \n[CVE-2021-28478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28478>)5.0Critical \n[CVE-2021-28474](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28474>)5.0Critical \n[CVE-2021-31172](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31172>)5.0Critical \n[CVE-2021-31177](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31177>)5.0Critical \n[CVE-2021-31173](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31173>)5.0Critical \n[CVE-2021-31176](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31176>)5.0Critical \n[CVE-2021-31174](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31174>)5.0Critical \n[CVE-2021-31175](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31175>)5.0Critical \n[CVE-2021-31171](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31171>)5.0Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[5001914](<http://support.microsoft.com/kb/5001914>) \n[5001931](<http://support.microsoft.com/kb/5001931>) \n[5001919](<http://support.microsoft.com/kb/5001919>) \n[5001917](<http://support.microsoft.com/kb/5001917>) \n[4493197](<http://support.microsoft.com/kb/4493197>) \n[5003729](<http://support.microsoft.com/kb/5003729>) \n[4464542](<http://support.microsoft.com/kb/4464542>) \n[5001920](<http://support.microsoft.com/kb/5001920>) \n[5001927](<http://support.microsoft.com/kb/5001927>) \n[5001923](<http://support.microsoft.com/kb/5001923>) \n[4493206](<http://support.microsoft.com/kb/4493206>) \n[5001918](<http://support.microsoft.com/kb/5001918>) \n[5001916](<http://support.microsoft.com/kb/5001916>) \n[5001928](<http://support.microsoft.com/kb/5001928>) \n[5001936](<http://support.microsoft.com/kb/5001936>) \n[5001925](<http://support.microsoft.com/kb/5001925>) \n[5001935](<http://support.microsoft.com/kb/5001935>) \n[4504711](<http://support.microsoft.com/kb/4504711>) \n[4484527](<http://support.microsoft.com/kb/4484527>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-11T00:00:00", "type": "kaspersky", "title": "KLA12175 Multiple vulnerabilities in Microsoft Office", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26418", "CVE-2021-26421", "CVE-2021-26422", "CVE-2021-28455", "CVE-2021-28474", "CVE-2021-28478", "CVE-2021-31171", "CVE-2021-31172", "CVE-2021-31173", "CVE-2021-31174", "CVE-2021-31175", "CVE-2021-31176", "CVE-2021-31177", "CVE-2021-31178", "CVE-2021-31179", "CVE-2021-31180", "CVE-2021-31181"], "modified": "2021-06-22T00:00:00", "id": "KLA12175", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12175/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "rapid7blog": [{"lastseen": "2021-05-22T09:01:54", "description": "\n\nHere we are again with another installment of Patch Tuesday. When compared to the past few months this one feels a bit light both in severity and number of vulnerabilities addressed. Microsoft has only released patches for 55 CVEs this month, less than half of the usual volume, with only 4 of them being scored as critical. Let's dive into the details.\n\n## HTTP Protocol Stack Remote Code Execution Vulnerability - [[[CVE-2021-31166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207>)](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166>)](<https://blog.rapid7.com/p/a0284057-0a58-48f2-89f5-a9b1d04661c3/CVE-2021-31166>)\n\nThe hottest vulnerability this month is in the HTTP.sys library. If an attacker has network access to a webserver running on an unpatched asset they may be able to send a specially crafted packet which could result in RCE. This was found internally by Microsoft and has not yet been observed in the wild. However, it is only a matter of time before someone figures out how to craft that special packet and we start to see widespread use against Windows 10 and Windows Server machines. Rated at 9.8, this potentially wormable vulnerability should be a high priority for remediation.\n\n## Hyper-V Remote Code Execution - [CVE-2021-28476](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28476>)\n\nThere is some debate whether this vulnerability deserves its assigned 9.9 severity score. The limited details indicate that the most likely use of this bug is to cause a DoS on the Hyper-V host. This can cause a good amount of trouble for anyone running virtual machines but is not as damaging as the theoretical RCE this vulnerability could provide. In either case this is a good patch to put at the top of the todo-list.\n\n## Exchange Server Security Feature Bypass - [CVE-2021-31207](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207>)\n\nNot to be outdone, Exchange Server is back again with yet another patch. This one is not nearly as high profile as the recent vulnerability which saw widespread use, but still an important patch to apply given that Exchange Servers are almost always exposed to the internet. There are a few other less severe vulnerabilities this month for Exchange which were disclosed at Pwn2Own in April. We expect to see a continued focus on Exchange Server in the months to come.\n\n## Summary Tables\n\n## Azure Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31936](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31936>) | Microsoft Accessibility Insights for Web Information Disclosure Vulnerability | No | No | 7.4 | Yes \n \n## Browser ESU Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26419](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26419>) | Scripting Engine Memory Corruption Vulnerability | No | No | 7.5 | Yes \n \n## Developer Tools Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27068](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27068>) | Visual Studio Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-31213](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31213>) | Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31211](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31211>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31214](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31214>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31204](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31204>) | .NET and Visual Studio Elevation of Privilege Vulnerability | No | Yes | 7.3 | No \n \n## Exchange Server Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31209](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31209>) | Microsoft Exchange Server Spoofing Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-31207](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207>) | Microsoft Exchange Server Security Feature Bypass Vulnerability | No | Yes | 6.6 | Yes \n[CVE-2021-31198](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31198>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-31195](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 6.5 | No \n \n## Microsoft Dynamics Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-28461](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28461>) | Dynamics Finance and Operations Cross-site Scripting Vulnerability | No | No | 6.1 | No \n \n## Microsoft Office Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26421](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26421>) | Skype for Business and Lync Spoofing Vulnerability | No | No | 6.5 | No \n[CVE-2021-26422](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26422>) | Skype for Business and Lync Remote Code Execution Vulnerability | No | No | 7.2 | No \n[CVE-2021-28478](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28478>) | Microsoft SharePoint Spoofing Vulnerability | No | No | 7.6 | No \n[CVE-2021-31172](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31172>) | Microsoft SharePoint Spoofing Vulnerability | No | No | 7.1 | No \n[CVE-2021-26418](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26418>) | Microsoft SharePoint Spoofing Vulnerability | No | No | 4.6 | No \n[CVE-2021-28474](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28474>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-31173](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31173>) | Microsoft SharePoint Server Information Disclosure Vulnerability | No | No | 5.3 | Yes \n[CVE-2021-31181](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31181>) | Microsoft SharePoint Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-31171](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31171>) | Microsoft SharePoint Information Disclosure Vulnerability | No | No | 4.1 | Yes \n[CVE-2021-31175](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31175>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31176](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31176>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31177](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31177>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31179](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31179>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31178](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31178>) | Microsoft Office Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-31180](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31180>) | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31174](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31174>) | Microsoft Excel Information Disclosure Vulnerability | No | No | 5.5 | Yes \n \n## Open Source Software Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31200](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31200>) | Common Utilities Remote Code Execution Vulnerability | No | Yes | 7.2 | Yes \n \n## Windows Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31187](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31187>) | Windows WalletService Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31205](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31205>) | Windows SMB Client Security Feature Bypass Vulnerability | No | No | 4.3 | Yes \n[CVE-2021-31191](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31191>) | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-31192](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31192>) | Windows Media Foundation Core Remote Code Execution Vulnerability | No | No | 7.3 | No \n[CVE-2021-31170](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31170>) | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31185](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31185>) | Windows Desktop Bridge Denial of Service Vulnerability | No | No | 5.5 | No \n[CVE-2021-31165](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31165>) | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31167](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31167>) | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31168](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31168>) | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31169](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31169>) | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31208](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31208>) | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31190](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31190>) | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-28479](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28479>) | Windows CSC Service Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-28465](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28465>) | Web Media Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31166>) | HTTP Protocol Stack Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n \n## Windows ESU Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2020-24588](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-24588>) | Windows Wireless Networking Spoofing Vulnerability | No | No | 6.5 | No \n[CVE-2020-26144](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26144>) | Windows Wireless Networking Spoofing Vulnerability | No | No | 6.5 | No \n[CVE-2020-24587](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-24587>) | Windows Wireless Networking Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-31193](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31193>) | Windows SSDP Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31186](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31186>) | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | No | No | 7.4 | Yes \n[CVE-2021-31188](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31188>) | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31194](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31194>) | OLE Automation Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-31184](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31184>) | Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-31182](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31182>) | Microsoft Bluetooth Driver Spoofing Vulnerability | No | No | 7.1 | No \n[CVE-2021-28476](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28476>) | Hyper-V Remote Code Execution Vulnerability | No | No | 9.9 | Yes \n \n## Windows Microsoft Office ESU Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-28455](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28455>) | Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n \n## Summary Graphs\n\n", "cvss3": {}, "published": "2021-05-11T23:44:00", "type": "rapid7blog", "title": "Patch Tuesday - May 2021", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26144", "CVE-2021-26418", "CVE-2021-26419", "CVE-2021-26421", "CVE-2021-26422", "CVE-2021-27068", "CVE-2021-28455", "CVE-2021-28461", "CVE-2021-28465", "CVE-2021-28474", "CVE-2021-28476", "CVE-2021-28478", "CVE-2021-28479", "CVE-2021-31165", "CVE-2021-31166", "CVE-2021-31167", "CVE-2021-31168", "CVE-2021-31169", "CVE-2021-31170", "CVE-2021-31171", "CVE-2021-31172", "CVE-2021-31173", "CVE-2021-31174", "CVE-2021-31175", "CVE-2021-31176", "CVE-2021-31177", "CVE-2021-31178", "CVE-2021-31179", "CVE-2021-31180", "CVE-2021-31181", "CVE-2021-31182", "CVE-2021-31184", "CVE-2021-31185", "CVE-2021-31186", "CVE-2021-31187", "CVE-2021-31188", "CVE-2021-31190", "CVE-2021-31191", "CVE-2021-31192", "CVE-2021-31193", "CVE-2021-31194", "CVE-2021-31195", "CVE-2021-31198", "CVE-2021-31200", "CVE-2021-31204", "CVE-2021-31205", "CVE-2021-31207", "CVE-2021-31208", "CVE-2021-31209", "CVE-2021-31211", "CVE-2021-31213", "CVE-2021-31214", "CVE-2021-31936"], "modified": "2021-05-11T23:44:00", "id": "RAPID7BLOG:05A653A5E863B78EDD56FD74F059E02E", "href": "https://blog.rapid7.com/2021/05/11/patch-tuesday-may-2021/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2021-06-14T06:32:34", "description": "### Microsoft Patch Tuesday \u2013 May 2021\n\nMicrosoft patched 55 CVEs in their May 2021 Patch Tuesday release, of which 4 are rated as critical severity. Three 0-day vulnerability patches were included in the release. As of this publication date, none have been exploited.\n\nQualys released 12 QIDs on the same day, providing vulnerability detection and patch management coverage (where applicable) for all 55 CVEs and the related KBs.\n\n#### Critical Microsoft vulnerabilities patched: \n\n**CVE-2021-31181 **- SharePoint Remote Code Execution Vulnerability\n\nMicrosoft released patches addressing a critical RCE vulnerability in SharePoint (CVE-2021-31181). This CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 8.8 by the vendor. \n\n**CVE-2021-31166 **- HTTP Protocol Stack Remote Code Execution Vulnerability\n\nMicrosoft released patches addressing a critical RCE vulnerability in Windows. This vulnerability allows an unauthenticated attacker to remotely execute code as kernel. This is a wormable vulnerability where an attacker can simply send a malicious crafted packet to the target impacted web-server. CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 9.8 by the vendor.\n\n**CVE-2021-28476** - Hyper-V Remote Code Execution Vulnerability\n\nMicrosoft released patches addressing a critical RCE in Windows Server that impacts Hyper-V. Though the exploitation of this vulnerability is less likely (according to Microsoft), this should be prioritized for patching since adversaries can abuse this vulnerability and cause Denial of Service (DoS) in the form of a bug check. This CVE is assigned a CVSSv3 base score of 9.9 by the vendor.\n\n#### Three 0-day vulnerabilities patched: \n\n * CVE-2021-31204 - .NET and Visual Studio Elevation of Privilege Vulnerability \n * CVE-2021-31207 - Microsoft Exchange Server Security Feature Bypass Vulnerability\n * CVE-2021-31200 - Common Utilities Remote Code Execution Vulnerability\n\n#### Qualys QIDs Providing Coverage\n\nQID| Title| Severity| CVE ID \n---|---|---|--- \n100415| Microsoft Internet Explorer Security Update for May 2021| Medium| CVE-2021-26419 \n91762| Microsoft SharePoint Enterprise Server Multiple Vulnerabilities May 2021| High| CVE-2021-31181 \nCVE-2021-31173 \nCVE-2021-31172 \nCVE-2021-31171 \nCVE-2021-26418 \nCVE-2021-28478 \nCVE-2021-28474 \n110381| Microsoft Office and Microsoft Office Services and Web Apps Security Update May 2021| High| CVE-2021-31180 \nCVE-2021-31179 \nCVE-2021-31178 \nCVE-2021-31177 \nCVE-2021-31176 \nCVE-2021-31175 \nCVE-2021-31174 \nCVE-2021-28455 \n110382| Microsoft Skype for Business Server Security and Lync Server Update for May 2021| High| CVE-2021-26421 \nCVE-2021-26422 \n375556| Visual Studio Code Remote Code Execution Vulnerability| High| CVE-2021-31214 \nCVE-2021-31211 \n375557| Visual Studio Code Remote Development for Containers Extension Remote Code Execution Vulnerability| Medium| CVE-2021-31213 \n50111| Microsoft Exchange Server Multiple Vulnerabilities - May 2021| High| CVE-2021-31209 \nCVE-2021-31207 \nCVE-2021-31198 \nCVE-2021-31195 \n91762| Microsoft Windows Security Update for May 2021| Critical| CVE-2021-31192 \nCVE-2021-31188 \nCVE-2021-31170 \nCVE-2021-28476 \nCVE-2021-31184 \nCVE-2021-31190 \nCVE-2021-31167 \nCVE-2021-31168 \nCVE-2021-31208 \nCVE-2021-31169 \nCVE-2021-31165 \nCVE-2021-1720 \nCVE-2021-28479 \nCVE-2021-31185 \nCVE-2021-31194 \nCVE-2021-31191 \nCVE-2021-31186 \nCVE-2021-31205 \nCVE-2021-31193 \nCVE-2021-31187 \nCVE-2020-26144 \nCVE-2020-24587 \nCVE-2020-24588 \n91763| Microsoft Visual Studio Security Update for May 2021| High| CVE-2021-27068 \nCVE-2021-31204 \n91764| Microsoft Windows Web Media Extensions Remote Code Execution Vulnerability| High| CVE-2021-28465 \n91766| Microsoft .NET Core Security Update May 2021| Medium| CVE-2021-31204 \n91767| Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability - May 2021| Critical| CVE-2021-31166 \n \n### Adobe Patch Tuesday \u2013 May 2021\n\nAdobe addressed 46 CVEs this Patch Tuesday, of which 26 are rated as critical severity, including one critical 0-day (CVE-2021-28550) impacting Adobe Acrobat and Reader product.\n\nAdobe products patches include the following: Experience Manager, InDesign, Illustrator, InCopy, Genuine Service, Acrobat and Reader, Magento, Creative Cloud Desktop Application, Media Encoder, After Effects, Medium, and Animate products.\n\nQualys released 5 QIDs on the same day, providing vulnerability detection for 30 of the 46 CVEs, including 8 rated as critical.\n\n#### One 0-day vulnerability patched:\n\n**CVE-2021-28550**\n\nThis is a Remote Code Execution vulnerability impacting Adobe Acrobat and Reader and is being actively exploited in the wild on Windows devices. Adversaries are able to execute arbitrary code in windows, including installing malicious applications and gaining complete access to target machines.\n\nAdobe Security Bulletin| QID| Severity| CVE ID \n---|---|---|--- \n[APSB21-22 Security updates available for Adobe InDesign](<https://helpx.adobe.com/security/products/indesign/apsb21-22.html>)| 375549| Critical \nCritical \nCritical| CVE-2021-21098 \nCVE-2021-21099 \nCVE-2021-21043 \n[APSB21-24 Security update available for Adobe Illustrator](<https://helpx.adobe.com/security/products/illustrator/apsb21-24.html>)| 375551| Critical \nCritical \nCritical \nCritical \nCritical| CVE-2021-21101 \nCVE-2021-21103 \nCVE-2021-21104 \nCVE-2021-21105 \nCVE-2021-21102 \n[APSB21-29 Security update available for Adobe Acrobat and Reader](<https://helpx.adobe.com/security/products/acrobat/apsb21-29.html>)| 375547| Important \nCritical \nImportant \nCritical \nImportant \nCritical \nCritical \nCritical \nCritical \nCritical \nImportant \nCritical \nCritical \nCritical| CVE-2021-28561 \nCVE-2021-28560 \nCVE-2021-28558 \nCVE-2021-28557 \nCVE-2021-28555 \nCVE-2021-28565 \nCVE-2021-28564 \nCVE-2021-21044 \nCVE-2021-21038 \nCVE-2021-21086 \nCVE-2021-28559 \nCVE-2021-28562 \nCVE-2021-28550 \nCVE-2021-28553 \n[APSB21-32 Security update available for Adobe Media Encoder](<https://helpx.adobe.com/security/products/media-encoder/apsb21-32.html>)| 375550| Important| CVE-2021-28569 \n[APSB21-35 Security update available for Adobe Animate7](<https://helpx.adobe.com/security/products/animate/apsb21-35.html>)| 375553| Important \nImportant \nImportant \nImportant \nImportant \nCritical \nCritical| CVE-2021-28572 \nCVE-2021-28573 \nCVE-2021-28574 \nCVE-2021-28575 \nCVE-2021-28576 \nCVE-2021-28578 \nCVE-2021-28577 \n \n### Discover Patch Tuesday Vulnerabilities in VMDR \n\n[Qualys VMDR](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledge Base (KB).\n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n\n`vulnerabilities.vulnerability:(qid:`50111` OR qid:`91762` OR qid:`91763` OR qid:`91764` OR qid:`91766` OR qid:`91767` OR qid:`100415` OR qid:`110380` OR qid:`110381` OR qid:`110382` OR qid:`375547` OR qid:`375549` OR qid:`375550` OR qid:`375551` OR qid:`375553` OR qid:`375556` OR qid:`375557`)`\n\n\n\n### Respond by Patching\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches pertaining to this Patch Tuesday.\n\n`qid:`50111` OR qid:`91762` OR qid:`91763` OR qid:`91764` OR qid:`91766` OR qid:`91767` OR qid:`100415` OR qid:`110380` OR qid:`110381` OR qid:`110382` OR qid:`375547` OR qid:`375549` OR qid:`375550` OR qid:`375551` OR qid:`375553` OR qid:`375556` OR qid:`375557``\n\n\n\n### Patch Tuesday Dashboard \n\nThe current updated Patch Tuesday dashboards are available in [Dashboard Toolbox: 2021 Patch Tuesday Dashboard](<https://qualys-secure.force.com/discussions/s/article/000006505>).\n\n### Webinar Series: This Month in Patches\n\nTo help customers leverage the seamless integration between Qualys VMDR and Patch Management and reduce the median time to remediate critical vulnerabilities, the Qualys Research team is hosting a monthly webinar series [_This Month in Patches_](<https://www.brighttalk.com/webcast/11673/486394>).\n\nWe discuss some of the key vulnerabilities disclosed in the past month and how to patch them:\n\n * 21Nails Exim Mail Server Multiple Vulnerabilities\n * Pulse Connect Secure Remote Code Execution Vulnerability (CVE-2021-22893)\n * Microsoft Patch Tuesday, May 2021\n\n[Join us live or watch on demand](<https://www.brighttalk.com/webcast/11673/486394>)!\n\n### About Patch Tuesday \n\nPatch Tuesday QIDs are published at [Security Alerts](<https://www.qualys.com/research/security-alerts/>), typically late in the evening of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed shortly after by [PT dashboards](<https://qualys-secure.force.com/discussions/s/article/000006505>).", "cvss3": {}, "published": "2021-05-11T21:53:37", "type": "qualysblog", "title": "Microsoft & Adobe Patch Tuesday (May 2021) \u2013 Qualys covers 85 Vulnerabilities, 26 Critical", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26144", "CVE-2021-1720", "CVE-2021-21038", "CVE-2021-21043", "CVE-2021-21044", "CVE-2021-21086", "CVE-2021-21098", "CVE-2021-21099", "CVE-2021-21101", "CVE-2021-21102", "CVE-2021-21103", "CVE-2021-21104", "CVE-2021-21105", "CVE-2021-22893", "CVE-2021-26418", "CVE-2021-26419", "CVE-2021-26421", "CVE-2021-26422", "CVE-2021-27068", "CVE-2021-28455", "CVE-2021-28465", "CVE-2021-28474", "CVE-2021-28476", "CVE-2021-28478", "CVE-2021-28479", "CVE-2021-28550", "CVE-2021-28553", "CVE-2021-28555", "CVE-2021-28557", "CVE-2021-28558", "CVE-2021-28559", "CVE-2021-28560", "CVE-2021-28561", "CVE-2021-28562", "CVE-2021-28564", "CVE-2021-28565", "CVE-2021-28569", "CVE-2021-28572", "CVE-2021-28573", "CVE-2021-28574", "CVE-2021-28575", "CVE-2021-28576", "CVE-2021-28577", "CVE-2021-28578", "CVE-2021-31165", "CVE-2021-31166", "CVE-2021-31167", "CVE-2021-31168", "CVE-2021-31169", "CVE-2021-31170", "CVE-2021-31171", "CVE-2021-31172", "CVE-2021-31173", "CVE-2021-31174", "CVE-2021-31175", "CVE-2021-31176", "CVE-2021-31177", "CVE-2021-31178", "CVE-2021-31179", "CVE-2021-31180", "CVE-2021-31181", "CVE-2021-31184", "CVE-2021-31185", "CVE-2021-31186", "CVE-2021-31187", "CVE-2021-31188", "CVE-2021-31190", "CVE-2021-31191", "CVE-2021-31192", "CVE-2021-31193", "CVE-2021-31194", "CVE-2021-31195", "CVE-2021-31198", "CVE-2021-31200", "CVE-2021-31204", "CVE-2021-31205", "CVE-2021-31207", "CVE-2021-31208", "CVE-2021-31209", "CVE-2021-31211", "CVE-2021-31213", "CVE-2021-31214"], "modified": "2021-05-11T21:53:37", "id": "QUALYSBLOG:A8EE36FB3E891C73934CB1C60E3B3D41", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
Description of the security update for Word 2013: May 11, 2021 (KB5001931)
