Search...

Удаленный отказ в обслуживании сетевого оборудования Compex

2006-02-27T00:00:00

ID SECURITYVULNS:DOC:11605
Type securityvulns
Reporter Securityvulns
Modified 2006-02-27T00:00:00

Description

Удаленный отказ в обслуживании сетевого оборудования Compex Класс уязвимости: Удаленный DOS

Описание: Удаленный пользователь может вызвать отказ в обслуживании сетевого оборудования Compex с установленным и активированным агентом UConfig (активирован по-умолчанию).

Уязвимость присутствует в дизайне программного обеспечения, позволяющего злоумышленнику перезагрузить устройство без прохождения процедуры аутентификации.

Для перезагрузки устройства, необходимо послать специальный UDP пакет с порта 7778 атакующего на порт 7778 сетевого устройства.

Критичность уязвимости: высокая Эксплоит: скоро будет Методы решения проблемы: Отключить агент UConfig или сменить прошивку.

/dev/0id Ukr Security Team

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:DOC:11605", "bulletinFamily": "software", "title": "\u0423\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f Compex", "description": "\u0423\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f Compex\r\n\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438: \u0423\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 DOS\r\n\r\n\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435:\r\n\u0423\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f Compex \u0441 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u043c \u0438 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0430\u0433\u0435\u043d\u0442\u043e\u043c UConfig (\u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d \u043f\u043e-\u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e).\r\n\r\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u0434\u0438\u0437\u0430\u0439\u043d\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0433\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0431\u0435\u0437 \u043f\u0440\u043e\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\r\n\r\n\u0414\u043b\u044f \u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043f\u043e\u0441\u043b\u0430\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 UDP \u043f\u0430\u043a\u0435\u0442 \u0441 \u043f\u043e\u0440\u0442\u0430 7778 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u0433\u043e \u043d\u0430 \u043f\u043e\u0440\u0442 7778 \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430.\r\n\r\n\r\n\u041a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0441\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438: \u0432\u044b\u0441\u043e\u043a\u0430\u044f\r\n\u042d\u043a\u0441\u043f\u043b\u043e\u0438\u0442: \u0441\u043a\u043e\u0440\u043e \u0431\u0443\u0434\u0435\u0442\r\n\u041c\u0435\u0442\u043e\u0434\u044b \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b: \u041e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0430\u0433\u0435\u043d\u0442 UConfig \u0438\u043b\u0438 \u0441\u043c\u0435\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0443.\r\n\r\n/dev/0id Ukr Security Team\r\n", "published": "2006-02-27T00:00:00", "modified": "2006-02-27T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11605", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:16", "edition": 1, "viewCount": 432, "enchantments": {"score": {"value": 5.5, "vector": "NONE", "modified": "2018-08-31T11:10:16", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2595", "CVE-2020-11605", "CVE-2019-11605", "CVE-2015-9286", "CVE-2017-11605", "CVE-2008-7273", "CVE-2008-7272"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_4FAAC8056BE011E9A685001B217B3468.NASL", "OPENSUSE-2017-1250.NASL"]}, {"type": "freebsd", "idList": ["4FAAC805-6BE0-11E9-A685-001B217B3468"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32652", "SECURITYVULNS:DOC:32659", "SECURITYVULNS:DOC:32654", "SECURITYVULNS:DOC:32656", "SECURITYVULNS:VULN:14755", "SECURITYVULNS:VULN:14753", "SECURITYVULNS:DOC:32651", "SECURITYVULNS:VULN:14720", "SECURITYVULNS:DOC:32660", "SECURITYVULNS:DOC:32658"]}], "modified": "2018-08-31T11:10:16", "rev": 2}, "vulnersScore": 5.5}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}

{"mskb": [{"id": "KB5001999", "hash": "67e7e92fd48a05dd742497eb41d55a34", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: September 14, 2021 (KB5001999)", "description": "None\n\n## Summary\n\nThis security update resolves a Microsoft Excel remote code execution\nvulnerability. To learn more about the vulnerability, see [Microsoft Common\nVulnerabilities and Exposures\nCVE-2021-38655](https://msrc.microsoft.com/update-guide/en-\nUS/vulnerability/CVE-2021-38655).\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB5001999)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 5001999 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=0e36e873-904d-4e73-9ab7-236c0e4f119c)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: September 14, 2021 (KB5005848)](/en-us/topic/security-update-\ndeployment-information-\nseptember-14-2021-kb5005848-40a6ae09-aa00-497c-ba23-f4a62d7c813b).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[5001973](https://support.microsoft.com/kb/5001973).\n\n### File hash information\n\nFile name| SHA256 hash \n---|--- \nwacserver2019-kb5001999-fullfile-x64-glb.exe|\n416C5C259A0CFF67D4BD4681F8EF42BB24C8C0A846D5D1B4B4E1274C3DD3B9AE \n \n### File information\n\nDownload [the list of files that are included in security update\n5001999](https://download.microsoft.com/download/5/6/c/56caf349-2424-46f9-a6cb-\ncb5b1f6c4943/5001999.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-09-14T07:00:00", "modified": "2021-09-14T07:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/5001999", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-38655"], "immutableFields": [], "lastseen": "2021-09-15T20:12:19", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-38655"]}, {"type": "mskb", "idList": ["KB5002009", "KB5002003", "KB5002014"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_SEP_OFFICE_WEB.NASL", "SMB_NT_MS21_SEP_OFFICE.NASL", "SMB_NT_MS21_SEP_EXCEL.NASL", "MACOS_MS21_SEP_OFFICE.NASL"]}, {"type": "mscve", "idList": ["MS:CVE-2021-38655"]}, {"type": "zdi", "idList": ["ZDI-21-1080"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}], "modified": "2021-09-15T20:12:19", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-09-15T20:12:19", "rev": 2}}, "objectVersion": "1.6", "kb": "KB5001999", "msrc": "", "mscve": "CVE-2021-38655", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4486674", "KB4462169", "KB4493229", "KB4484141", "KB4011027", "KB4504714", "KB4486713", "KB4484290", "KB4475528", "KB5001914", "KB4475595", "KB4484223", "KB4486750", "KB4493160", "KB4484503", "KB5001973", "KB4484254", "KB4475511", "KB4484270", "KB4484470", "KB4484451", "KB4493192", "KB5001943", "KB4461633"], "parentseeds": [], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": [], "_object_type": "robots.models.microsoftKB.MicrosoftKBBulletin", "_object_types": ["robots.models.microsoftKB.MicrosoftKBBulletin", "robots.models.base.Bulletin"]}, {"id": "KB5001973", "hash": "54b2125829f030ded9e7ceb74c4383ee", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: July 13, 2021 (KB5001973)", "description": "None\n\n## Summary\n\nThis security update resolves a Microsoft Office Online Server spoofing\nvulnerability and Microsoft Excel remote code execution vulnerability. To\nlearn more, see [Microsoft Common Vulnerabilities and Exposures\nCVE-2021-34451](https://msrc.microsoft.com/update-guide/en-\nUS/vulnerability/CVE-2021-34451) and [Microsoft Common Vulnerabilities and\nExposures CVE-2021-34501](https://msrc.microsoft.com/update-guide/en-\nUS/vulnerability/CVE-2021-34501).\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## Improvements and fixes\n\n **Note:** Support for Windows Server 2019 has been added for Office Online\nServer.\n\nUsing TLS 1.1 and TLS 1.2 together with Office Online Server requires strong\ncryptography in .NET Framework 4.5 and later versions. This update enables the\nstrong cryptography in .NET Framework 4.5 or later by adding the following\nregistry keys. After you install this update, you don't have to manually\nenable strong cryptography, as you would otherwise have to do by following the\nsteps in the first section of [Enable TLS 1.1 and TLS 1.2 support in Office\nOnline Server](https://docs.microsoft.com/officeonlineserver/enable-\ntls-1-1-and-tls-1-2-support-in-office-online-server). \n \nWindows Registry Editor Version\n5.00[HKEY_LOCAL_MACHINE\\\\\\SOFTWARE\\\\\\Microsoft\\\\\\\\.NETFramework\\\\\\v4.0.30319] \n\"SchUseStrongCrypto\"=dword:00000001 \n\"SystemDefaultTlsVersions\"=dword:00000001[HKEY_LOCAL_MACHINE\\\\\\SOFTWARE\\\\\\Wow6432Node\\\\\\Microsoft\\\\\\\\.NETFramework\\\\\\v4.0.30319] \n\"SchUseStrongCrypto\"=dword:00000001 \n\"SystemDefaultTlsVersions\"=dword:00000001\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB5001973)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 5001973 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=2e2849ad-a75c-492a-a7eb-d526558007ce)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: July 13, 2021 (KB5004480)](/en-us/topic/security-update-\ndeployment-information-july-13-2021-kb5004480-24aa34b8-b210-41cf-\nadbb-44b8a9ae84dc).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[5001943](https://support.microsoft.com/kb/5001943).\n\n### File hash information\n\nFile name| SHA256 hash \n---|--- \nwacserver2019-kb5001973-fullfile-x64-glb.exe|\n04E78403CAB7C5FA7FF1C90C9BCF4891C2E37176C1CB7B5352665149B8FEC871 \n \n### File information\n\nDownload [the list of files that are included in security update\n5001973](https://download.microsoft.com/download/7/c/6/7c64397f-3c99-4390-84eb-95048300256e/5001973.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-07-13T07:00:00", "modified": "2021-07-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/5001973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-34501", "CVE-2021-34451"], "immutableFields": [], "lastseen": "2021-09-15T20:12:00", "history": [{"bulletin": {"id": "KB5001973", "hash": "7c9a55ffea5a0539d06c61ee3ac4b522", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: July 13, 2021 (KB5001973)", "description": "# Description of the security update for Office Online Server: July 13, 2021\n(KB5001973)\n\n## Summary\n\nThis security update resolves a Microsoft Office Online Server spoofing\nvulnerability and Microsoft Excel remote code execution vulnerability. To\nlearn more, see [Microsoft Common Vulnerabilities and Exposures\nCVE-2021-34451](https://msrc.microsoft.com/update-guide/en-\nUS/vulnerability/CVE-2021-34451) and [Microsoft Common Vulnerabilities and\nExposures CVE-2021-34501](https://msrc.microsoft.com/update-guide/en-\nUS/vulnerability/CVE-2021-34501).\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## Improvements and fixes\n\nUsing TLS 1.1 and TLS 1.2 together with Office Online Server requires strong\ncryptography in .NET Framework 4.5 and later versions. This update enables the\nstrong cryptography in .NET Framework 4.5 or later by adding the following\nregistry keys. After you install this update, you don't have to manually\nenable strong cryptography, as you would otherwise have to do by following the\nsteps in the first section of [Enable TLS 1.1 and TLS 1.2 support in Office\nOnline Server](https://docs.microsoft.com/officeonlineserver/enable-\ntls-1-1-and-tls-1-2-support-in-office-online-server). \n \nWindows Registry Editor Version\n5.00[HKEY_LOCAL_MACHINE\\\\\\SOFTWARE\\\\\\Microsoft\\\\\\\\.NETFramework\\\\\\v4.0.30319] \n\"SchUseStrongCrypto\"=dword:00000001 \n\"SystemDefaultTlsVersions\"=dword:00000001[HKEY_LOCAL_MACHINE\\\\\\SOFTWARE\\\\\\Wow6432Node\\\\\\Microsoft\\\\\\\\.NETFramework\\\\\\v4.0.30319] \n\"SchUseStrongCrypto\"=dword:00000001 \n\"SystemDefaultTlsVersions\"=dword:00000001\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB5001973)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 5001973 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=2e2849ad-a75c-492a-a7eb-d526558007ce)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: July 13, 2021 (KB5004480)](/en-us/topic/security-update-\ndeployment-information-july-13-2021-kb5004480-24aa34b8-b210-41cf-\nadbb-44b8a9ae84dc).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[5001943](https://support.microsoft.com/kb/5001943).\n\n### File hash information\n\nFile name| SHA256 hash \n---|--- \nwacserver2019-kb5001973-fullfile-x64-glb.exe|\n04E78403CAB7C5FA7FF1C90C9BCF4891C2E37176C1CB7B5352665149B8FEC871 \n \n### File information\n\nDownload [the list of files that are included in security update\n5001973](https://download.microsoft.com/download/7/c/6/7c64397f-3c99-4390-84eb-95048300256e/5001973.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-07-13T07:00:00", "modified": "2021-07-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/5001973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-34451", "CVE-2021-34501"], "immutableFields": [], "lastseen": "2021-07-25T00:04:34", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-07-25T00:04:34", "references": [{"idList": ["RAPID7BLOG:4B35B23167A9D5E016537F6A81E4E9D4"], "type": "rapid7blog"}, {"idList": ["CVE-2021-34451", "CVE-2021-34501"], "type": "cve"}, {"idList": ["MACOS_MS21_JUL_OFFICE.NASL", "SMB_NT_MS21_JUL_OFFICE_WEB.NASL", "SMB_NT_MS21_JUL_EXCEL.NASL"], "type": "nessus"}, {"idList": ["MS:CVE-2021-34501", "MS:CVE-2021-34451"], "type": "mscve"}, {"idList": ["KB5001986", "KB5001977", "KB5001993"], "type": "mskb"}], "rev": 2}, "score": {"modified": "2021-07-25T00:04:34", "rev": 2, "value": 5.1, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB5001973", "msrc": "", "mscve": "CVE-2021-34501", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4462169", "KB4461633", "KB4475511", "KB4484503", "KB4475595", "KB5001943", "KB4493160", "KB4484451", "KB4011027", "KB4484223", "KB4484470", "KB4475528", "KB4484270", "KB4486750", "KB4486713", "KB4484141", "KB4486674", "KB4504714", "KB4493229", "KB4484290", "KB5001914", "KB4493192", "KB4484254"], "parentseeds": [], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-25T00:04:34", "differentElements": ["cvelist", "cvss2", "cvss3", "description", "title"], "edition": 1}, {"bulletin": {"id": "KB5001973", "hash": "2cfcfabb6f4eab049bc1bdd9ee3a9c12aa7c723ce486ffe0940716b9eb5e9e5f", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-07-13", "description": "", "published": "2021-07-13T07:00:00", "modified": "2021-07-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/5001973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-34501"], "immutableFields": [], "lastseen": "2021-07-27T10:16:28", "history": [], "viewCount": 4, "enchantments": {"dependencies": {"modified": "2021-07-27T10:16:28", "references": [{"idList": ["RAPID7BLOG:4B35B23167A9D5E016537F6A81E4E9D4"], "type": "rapid7blog"}, {"idList": ["KB5001977", "KB5001993"], "type": "mskb"}, {"idList": ["MS:CVE-2021-34501"], "type": "mscve"}, {"idList": ["MACOS_MS21_JUL_OFFICE.NASL", "SMB_NT_MS21_JUL_OFFICE_WEB.NASL", "SMB_NT_MS21_JUL_EXCEL.NASL"], "type": "nessus"}, {"idList": ["CVE-2021-34501"], "type": "cve"}], "rev": 2}, "score": {"modified": "2021-07-27T10:16:28", "rev": 2, "value": 5.6, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB5001973", "msrc": "", "mscve": "CVE-2021-34501", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4475595", "KB4484141", "KB4504714", "KB4484290", "KB4486713", "KB5001914", "KB4484270", "KB4475511", "KB4493160", "KB4486674", "KB4011027", "KB4484470", "KB4484254", "KB4484503", "KB4493229", "KB4462169", "KB4461633", "KB4475528", "KB4493192", "KB4486750", "KB4484223", "KB4484451", "KB5001943"], "parentseeds": [], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-27T10:16:28", "differentElements": ["cvss2", "cvss3", "kb", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "superseeds"], "edition": 2}, {"bulletin": {"id": "KB5001973", "hash": "a3784c6fca30e544b407d3cbb2b409bfde4c3ce4b32520e4bc113d869b3f3db2", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-07-13", "description": "", "published": "2021-07-13T07:00:00", "modified": "2021-07-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/5001973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-34501"], "immutableFields": [], "lastseen": "2021-07-27T10:16:28", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2021-07-27T10:16:28", "references": [{"idList": ["RAPID7BLOG:4B35B23167A9D5E016537F6A81E4E9D4"], "type": "rapid7blog"}, {"idList": ["KB5001977", "KB5001993"], "type": "mskb"}, {"idList": ["MS:CVE-2021-34501"], "type": "mscve"}, {"idList": ["MACOS_MS21_JUL_OFFICE.NASL", "SMB_NT_MS21_JUL_OFFICE_WEB.NASL", "SMB_NT_MS21_JUL_EXCEL.NASL"], "type": "nessus"}, {"idList": ["CVE-2021-34501"], "type": "cve"}], "rev": 2}, "score": {"modified": "2021-07-27T10:16:28", "rev": 2, "value": 5.6, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "", "msrc": "", "mscve": "", "msplatform": "", "msfamily": "", "msimpact": "", "msseverity": "", "superseeds": [], "parentseeds": [], "msproducts": [], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-27T10:16:28", "differentElements": ["cvelist", "cvss2", "cvss3", "description", "kb", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "superseeds", "title"], "edition": 3}, {"bulletin": {"id": "KB5001973", "hash": "e142415fcf027777c1ee2441462a5910", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: July 13, 2021 (KB5001973)", "description": "None\n\n## Summary\n\nThis security update resolves a Microsoft Office Online Server spoofing\nvulnerability and Microsoft Excel remote code execution vulnerability. To\nlearn more, see [Microsoft Common Vulnerabilities and Exposures\nCVE-2021-34451](https://msrc.microsoft.com/update-guide/en-\nUS/vulnerability/CVE-2021-34451) and [Microsoft Common Vulnerabilities and\nExposures CVE-2021-34501](https://msrc.microsoft.com/update-guide/en-\nUS/vulnerability/CVE-2021-34501).\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## Improvements and fixes\n\n **Note:** Support for Windows Server 2019 has been added for Office Online\nServer.\n\nUsing TLS 1.1 and TLS 1.2 together with Office Online Server requires strong\ncryptography in .NET Framework 4.5 and later versions. This update enables the\nstrong cryptography in .NET Framework 4.5 or later by adding the following\nregistry keys. After you install this update, you don't have to manually\nenable strong cryptography, as you would otherwise have to do by following the\nsteps in the first section of [Enable TLS 1.1 and TLS 1.2 support in Office\nOnline Server](https://docs.microsoft.com/officeonlineserver/enable-\ntls-1-1-and-tls-1-2-support-in-office-online-server). \n \nWindows Registry Editor Version\n5.00[HKEY_LOCAL_MACHINE\\\\\\SOFTWARE\\\\\\Microsoft\\\\\\\\.NETFramework\\\\\\v4.0.30319] \n\"SchUseStrongCrypto\"=dword:00000001 \n\"SystemDefaultTlsVersions\"=dword:00000001[HKEY_LOCAL_MACHINE\\\\\\SOFTWARE\\\\\\Wow6432Node\\\\\\Microsoft\\\\\\\\.NETFramework\\\\\\v4.0.30319] \n\"SchUseStrongCrypto\"=dword:00000001 \n\"SystemDefaultTlsVersions\"=dword:00000001\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB5001973)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 5001973 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=2e2849ad-a75c-492a-a7eb-d526558007ce)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: July 13, 2021 (KB5004480)](/en-us/topic/security-update-\ndeployment-information-july-13-2021-kb5004480-24aa34b8-b210-41cf-\nadbb-44b8a9ae84dc).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[5001943](https://support.microsoft.com/kb/5001943).\n\n### File hash information\n\nFile name| SHA256 hash \n---|--- \nwacserver2019-kb5001973-fullfile-x64-glb.exe|\n04E78403CAB7C5FA7FF1C90C9BCF4891C2E37176C1CB7B5352665149B8FEC871 \n \n### File information\n\nDownload [the list of files that are included in security update\n5001973](https://download.microsoft.com/download/7/c/6/7c64397f-3c99-4390-84eb-95048300256e/5001973.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-07-13T07:00:00", "modified": "2021-07-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/5001973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-34451", "CVE-2021-34501"], "immutableFields": [], "lastseen": "2021-08-12T23:54:09", "history": [], "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-34451", "CVE-2021-34501"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_JUL_OFFICE_WEB.NASL", "SMB_NT_MS21_JUL_EXCEL.NASL", "MACOS_MS21_JUL_OFFICE.NASL"]}, {"type": "mscve", "idList": ["MS:CVE-2021-34451", "MS:CVE-2021-34501"]}, {"type": "zdi", "idList": ["ZDI-21-969"]}, {"type": "mskb", "idList": ["KB5001977", "KB5001993", "KB5001986"]}, {"type": "kaspersky", "idList": ["KLA12220"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:4B35B23167A9D5E016537F6A81E4E9D4"]}], "modified": "2021-08-12T23:54:09", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-08-12T23:54:09", "rev": 2}}, "objectVersion": "1.6", "kb": "KB5001973", "msrc": "", "mscve": "CVE-2021-34501", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484223", "KB5001914", "KB4484141", "KB4484470", "KB4475511", "KB5001943", "KB4475595", "KB4011027", "KB4484270", "KB4486713", "KB4462169", "KB4504714", "KB4493229", "KB4493192", "KB4484254", "KB4486674", "KB4484451", "KB4484290", "KB4461633", "KB4493160", "KB4475528", "KB4484503", "KB4486750"], "parentseeds": [], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-12T23:54:09", "differentElements": ["cvelist", "description", "title"], "edition": 4}, {"bulletin": {"id": "KB5001973", "hash": "1f078817a7a84002dc8fbe280ee5b1ca", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-07-13", "description": "", "published": "2021-07-13T07:00:00", "modified": "2021-07-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/5001973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-34501"], "immutableFields": [], "lastseen": "2021-08-28T09:38:17", "history": [], "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-34501"]}, {"type": "nessus", "idList": ["MACOS_MS21_JUL_OFFICE.NASL", "SMB_NT_MS21_JUL_OFFICE_WEB.NASL", "SMB_NT_MS21_JUL_EXCEL.NASL"]}, {"type": "zdi", "idList": ["ZDI-21-969"]}, {"type": "mskb", "idList": ["KB5001977", "KB5001993"]}, {"type": "mscve", "idList": ["MS:CVE-2021-34501"]}, {"type": "kaspersky", "idList": ["KLA12220"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:4B35B23167A9D5E016537F6A81E4E9D4"]}], "modified": "2021-08-28T09:38:17", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-08-28T09:38:17", "rev": 2}}, "objectVersion": "1.6", "kb": "KB5001973", "msrc": "", "mscve": "CVE-2021-34501", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484254", "KB4484470", "KB4475595", "KB4493192", "KB4484270", "KB4462169", "KB4493229", "KB4504714", "KB4493160", "KB4486750", "KB4475511", "KB5001943", "KB4484451", "KB4475528", "KB4484223", "KB4461633", "KB4486713", "KB4484503", "KB4484141", "KB4484290", "KB4011027", "KB4486674", "KB5001914"], "parentseeds": [], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-28T09:38:17", "differentElements": ["cvelist", "description", "title"], "edition": 5}, {"bulletin": {"id": "KB5001973", "hash": "e142415fcf027777c1ee2441462a5910", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: July 13, 2021 (KB5001973)", "description": "None\n\n## Summary\n\nThis security update resolves a Microsoft Office Online Server spoofing\nvulnerability and Microsoft Excel remote code execution vulnerability. To\nlearn more, see [Microsoft Common Vulnerabilities and Exposures\nCVE-2021-34451](https://msrc.microsoft.com/update-guide/en-\nUS/vulnerability/CVE-2021-34451) and [Microsoft Common Vulnerabilities and\nExposures CVE-2021-34501](https://msrc.microsoft.com/update-guide/en-\nUS/vulnerability/CVE-2021-34501).\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## Improvements and fixes\n\n **Note:** Support for Windows Server 2019 has been added for Office Online\nServer.\n\nUsing TLS 1.1 and TLS 1.2 together with Office Online Server requires strong\ncryptography in .NET Framework 4.5 and later versions. This update enables the\nstrong cryptography in .NET Framework 4.5 or later by adding the following\nregistry keys. After you install this update, you don't have to manually\nenable strong cryptography, as you would otherwise have to do by following the\nsteps in the first section of [Enable TLS 1.1 and TLS 1.2 support in Office\nOnline Server](https://docs.microsoft.com/officeonlineserver/enable-\ntls-1-1-and-tls-1-2-support-in-office-online-server). \n \nWindows Registry Editor Version\n5.00[HKEY_LOCAL_MACHINE\\\\\\SOFTWARE\\\\\\Microsoft\\\\\\\\.NETFramework\\\\\\v4.0.30319] \n\"SchUseStrongCrypto\"=dword:00000001 \n\"SystemDefaultTlsVersions\"=dword:00000001[HKEY_LOCAL_MACHINE\\\\\\SOFTWARE\\\\\\Wow6432Node\\\\\\Microsoft\\\\\\\\.NETFramework\\\\\\v4.0.30319] \n\"SchUseStrongCrypto\"=dword:00000001 \n\"SystemDefaultTlsVersions\"=dword:00000001\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB5001973)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 5001973 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=2e2849ad-a75c-492a-a7eb-d526558007ce)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: July 13, 2021 (KB5004480)](/en-us/topic/security-update-\ndeployment-information-july-13-2021-kb5004480-24aa34b8-b210-41cf-\nadbb-44b8a9ae84dc).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[5001943](https://support.microsoft.com/kb/5001943).\n\n### File hash information\n\nFile name| SHA256 hash \n---|--- \nwacserver2019-kb5001973-fullfile-x64-glb.exe|\n04E78403CAB7C5FA7FF1C90C9BCF4891C2E37176C1CB7B5352665149B8FEC871 \n \n### File information\n\nDownload [the list of files that are included in security update\n5001973](https://download.microsoft.com/download/7/c/6/7c64397f-3c99-4390-84eb-95048300256e/5001973.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-07-13T07:00:00", "modified": "2021-07-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/5001973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-34451", "CVE-2021-34501"], "immutableFields": [], "lastseen": "2021-09-03T09:32:36", "history": [], "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-34501", "CVE-2021-34451"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_JUL_OFFICE_WEB.NASL", "MACOS_MS21_JUL_OFFICE.NASL", "SMB_NT_MS21_JUL_EXCEL.NASL"]}, {"type": "mscve", "idList": ["MS:CVE-2021-34451", "MS:CVE-2021-34501"]}, {"type": "mskb", "idList": ["KB5001977", "KB5001993"]}, {"type": "zdi", "idList": ["ZDI-21-969"]}, {"type": "kaspersky", "idList": ["KLA12220"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:4B35B23167A9D5E016537F6A81E4E9D4"]}], "modified": "2021-09-03T09:32:36", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-09-03T09:32:36", "rev": 2}}, "objectVersion": "1.6", "kb": "KB5001973", "msrc": "", "mscve": "CVE-2021-34501", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4486713", "KB4486674", "KB4493160", "KB4475528", "KB4475595", "KB5001943", "KB4484470", "KB4484503", "KB4504714", "KB4484451", "KB4484254", "KB4475511", "KB4493192", "KB4484270", "KB5001914", "KB4493229", "KB4484223", "KB4011027", "KB4484141", "KB4461633", "KB4486750", "KB4462169", "KB4484290"], "parentseeds": [], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-09-03T09:32:36", "differentElements": ["cvelist", "description", "title"], "edition": 6}, {"bulletin": {"id": "KB5001973", "hash": "1f078817a7a84002dc8fbe280ee5b1ca", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-07-13", "description": "", "published": "2021-07-13T07:00:00", "modified": "2021-07-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/5001973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-34501"], "immutableFields": [], "lastseen": "2021-09-04T09:40:13", "history": [], "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-34501"]}, {"type": "mskb", "idList": ["KB5001993", "KB5001977"]}, {"type": "zdi", "idList": ["ZDI-21-969"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_JUL_EXCEL.NASL", "SMB_NT_MS21_JUL_OFFICE_WEB.NASL", "MACOS_MS21_JUL_OFFICE.NASL"]}, {"type": "mscve", "idList": ["MS:CVE-2021-34501"]}, {"type": "kaspersky", "idList": ["KLA12220"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:4B35B23167A9D5E016537F6A81E4E9D4"]}], "modified": "2021-09-04T09:40:13", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-09-04T09:40:13", "rev": 2}}, "objectVersion": "1.6", "kb": "KB5001973", "msrc": "", "mscve": "CVE-2021-34501", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484451", "KB5001943", "KB4484290", "KB4486674", "KB4461633", "KB4475528", "KB4486713", "KB4484141", "KB4484223", "KB4493192", "KB5001914", "KB4484254", "KB4493160", "KB4484503", "KB4486750", "KB4504714", "KB4475595", "KB4462169", "KB4484470", "KB4493229", "KB4484270", "KB4475511", "KB4011027"], "parentseeds": [], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-09-04T09:40:13", "differentElements": ["cvelist", "description", "title"], "edition": 7}, {"bulletin": {"id": "KB5001973", "hash": "e142415fcf027777c1ee2441462a5910", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: July 13, 2021 (KB5001973)", "description": "None\n\n## Summary\n\nThis security update resolves a Microsoft Office Online Server spoofing\nvulnerability and Microsoft Excel remote code execution vulnerability. To\nlearn more, see [Microsoft Common Vulnerabilities and Exposures\nCVE-2021-34451](https://msrc.microsoft.com/update-guide/en-\nUS/vulnerability/CVE-2021-34451) and [Microsoft Common Vulnerabilities and\nExposures CVE-2021-34501](https://msrc.microsoft.com/update-guide/en-\nUS/vulnerability/CVE-2021-34501).\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## Improvements and fixes\n\n **Note:** Support for Windows Server 2019 has been added for Office Online\nServer.\n\nUsing TLS 1.1 and TLS 1.2 together with Office Online Server requires strong\ncryptography in .NET Framework 4.5 and later versions. This update enables the\nstrong cryptography in .NET Framework 4.5 or later by adding the following\nregistry keys. After you install this update, you don't have to manually\nenable strong cryptography, as you would otherwise have to do by following the\nsteps in the first section of [Enable TLS 1.1 and TLS 1.2 support in Office\nOnline Server](https://docs.microsoft.com/officeonlineserver/enable-\ntls-1-1-and-tls-1-2-support-in-office-online-server). \n \nWindows Registry Editor Version\n5.00[HKEY_LOCAL_MACHINE\\\\\\SOFTWARE\\\\\\Microsoft\\\\\\\\.NETFramework\\\\\\v4.0.30319] \n\"SchUseStrongCrypto\"=dword:00000001 \n\"SystemDefaultTlsVersions\"=dword:00000001[HKEY_LOCAL_MACHINE\\\\\\SOFTWARE\\\\\\Wow6432Node\\\\\\Microsoft\\\\\\\\.NETFramework\\\\\\v4.0.30319] \n\"SchUseStrongCrypto\"=dword:00000001 \n\"SystemDefaultTlsVersions\"=dword:00000001\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB5001973)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 5001973 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=2e2849ad-a75c-492a-a7eb-d526558007ce)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: July 13, 2021 (KB5004480)](/en-us/topic/security-update-\ndeployment-information-july-13-2021-kb5004480-24aa34b8-b210-41cf-\nadbb-44b8a9ae84dc).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[5001943](https://support.microsoft.com/kb/5001943).\n\n### File hash information\n\nFile name| SHA256 hash \n---|--- \nwacserver2019-kb5001973-fullfile-x64-glb.exe|\n04E78403CAB7C5FA7FF1C90C9BCF4891C2E37176C1CB7B5352665149B8FEC871 \n \n### File information\n\nDownload [the list of files that are included in security update\n5001973](https://download.microsoft.com/download/7/c/6/7c64397f-3c99-4390-84eb-95048300256e/5001973.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-07-13T07:00:00", "modified": "2021-07-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/5001973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-34451", "CVE-2021-34501"], "immutableFields": [], "lastseen": "2021-09-06T10:50:29", "history": [], "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-34451", "CVE-2021-34501"]}, {"type": "nessus", "idList": ["MACOS_MS21_JUL_OFFICE.NASL", "SMB_NT_MS21_JUL_OFFICE_WEB.NASL", "SMB_NT_MS21_JUL_EXCEL.NASL"]}, {"type": "mscve", "idList": ["MS:CVE-2021-34501", "MS:CVE-2021-34451"]}, {"type": "mskb", "idList": ["KB5001993", "KB5001977", "KB5001986"]}, {"type": "zdi", "idList": ["ZDI-21-969"]}, {"type": "kaspersky", "idList": ["KLA12220"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:4B35B23167A9D5E016537F6A81E4E9D4"]}], "modified": "2021-09-06T10:50:29", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-09-06T10:50:29", "rev": 2}}, "objectVersion": "1.6", "kb": "KB5001973", "msrc": "", "mscve": "CVE-2021-34501", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4486750", "KB4484503", "KB4493192", "KB4475511", "KB4475528", "KB4011027", "KB4462169", "KB4484254", "KB5001914", "KB4493229", "KB4486713", "KB4493160", "KB5001943", "KB4484270", "KB4484141", "KB4504714", "KB4484470", "KB4486674", "KB4484223", "KB4461633", "KB4475595", "KB4484451", "KB4484290"], "parentseeds": [], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-09-06T10:50:29", "differentElements": ["parentseeds"], "edition": 8}], "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-34451", "CVE-2021-34501"]}, {"type": "nessus", "idList": ["MACOS_MS21_JUL_OFFICE.NASL", "SMB_NT_MS21_JUL_OFFICE_WEB.NASL", "SMB_NT_MS21_JUL_EXCEL.NASL"]}, {"type": "mscve", "idList": ["MS:CVE-2021-34451", "MS:CVE-2021-34501"]}, {"type": "zdi", "idList": ["ZDI-21-969"]}, {"type": "mskb", "idList": ["KB5001993", "KB5001986", "KB5001977"]}, {"type": "kaspersky", "idList": ["KLA12220"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:4B35B23167A9D5E016537F6A81E4E9D4"]}], "modified": "2021-09-15T20:12:00", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-09-15T20:12:00", "rev": 2}}, "objectVersion": "1.6", "kb": "KB5001973", "msrc": "", "mscve": "CVE-2021-34501", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4486674", "KB4462169", "KB4493229", "KB4484141", "KB4011027", "KB4504714", "KB4486713", "KB4484290", "KB4475528", "KB5001914", "KB4475595", "KB4484223", "KB4486750", "KB4493160", "KB4484503", "KB4484254", "KB4475511", "KB4484270", "KB4484470", "KB4484451", "KB4493192", "KB5001943", "KB4461633"], "parentseeds": ["KB5001999"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": [], "_object_type": "robots.models.microsoftKB.MicrosoftKBBulletin", "_object_types": ["robots.models.microsoftKB.MicrosoftKBBulletin", "robots.models.base.Bulletin"]}, {"id": "KB5001914", "hash": "83406a10c8a42d4163bab95f84b565f9", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: May 11, 2021 (KB5001914)", "description": "None\n\n## Summary\n\nThis security update resolves a Microsoft Excel remote code execution\nvulnerability and Office information disclosure vulnerability. To learn more,\nsee the following security advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31174](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31174)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31175](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31175)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31177](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31177)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31178](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31178)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31179](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31179)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB5001914)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 5001914 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=1fb124f1-cb15-4104-b068-7d040204bdd1)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: May 11, 2021](/en-us/topic/security-update-deployment-\ninformation-may-11-2021-kb5001871-b23ea9f6-2510-4bd1-8575-2ecbb6fa7886).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4504714](https://support.microsoft.com/kb/4504714).\n\n### File hash information\n\nFile name| | SHA256 hash \n---|---|--- \nwacserver2019-kb5001914-fullfile-x64-glb.exe| |\nC33A6A5F9CF3127354AA4C9F43AB09A2785C6988550B8B200883C3DA41023085 \n \n### File information\n\nDownload [the list of files that are included in security update\n5001914](https://download.microsoft.com/download/6/6/3/66370ab0-579c-4378-83aa-1d55fe6dd70a/5001914.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-05-11T07:00:00", "modified": "2021-05-11T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/5001914", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-31175", "CVE-2021-31174", "CVE-2021-31179", "CVE-2021-31177", "CVE-2021-31178"], "immutableFields": [], "lastseen": "2021-09-15T20:11:12", "history": [{"bulletin": {"id": "KB5001914", "hash": "d8ba7f63e897cb2fc08512bf48d57277", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: May 11, 2021 (KB5001914)", "description": "# Description of the security update for Office Online Server: May 11, 2021\n(KB5001914)\n\n## Summary\n\nThis security update resolves a Microsoft Excel remote code execution\nvulnerability and Office information disclosure vulnerability. To learn more,\nsee the following security advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31174](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31174)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31175](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31175)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31177](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31177)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31178](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31178)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31179](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31179)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB5001914)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 5001914 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=1fb124f1-cb15-4104-b068-7d040204bdd1)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: May 11, 2021](/en-us/topic/security-update-deployment-\ninformation-may-11-2021-kb5001871-b23ea9f6-2510-4bd1-8575-2ecbb6fa7886).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4504714](https://support.microsoft.com/kb/4504714).\n\n### File hash information\n\nFile name| | SHA256 hash \n---|---|--- \nwacserver2019-kb5001914-fullfile-x64-glb.exe| |\nC33A6A5F9CF3127354AA4C9F43AB09A2785C6988550B8B200883C3DA41023085 \n \n### File information\n\nDownload [the list of files that are included in security update\n5001914](https://download.microsoft.com/download/6/6/3/66370ab0-579c-4378-83aa-1d55fe6dd70a/5001914.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-05-11T07:00:00", "modified": "2021-05-11T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/5001914", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-31175", "CVE-2021-31179", "CVE-2021-31174", "CVE-2021-31177", "CVE-2021-31178"], "immutableFields": [], "lastseen": "2021-07-25T00:03:41", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-07-25T00:03:41", "references": [{"idList": ["ZDI-21-576", "ZDI-21-580"], "type": "zdi"}, {"idList": ["CVE-2021-31175", "CVE-2021-31179", "CVE-2021-31174", "CVE-2021-31177", "CVE-2021-31178"], "type": "cve"}, {"idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31174/", "MSF:ILITIES/MSFT-CVE-2021-31175/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31178/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31177/", "MSF:ILITIES/MSFT-CVE-2021-31179/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31179/"], "type": "metasploit"}, {"idList": ["SMB_NT_MS21_MAY_OFFICE_WEB.NASL", "SMB_NT_MS21_MAY_EXCEL.NASL", "SMB_NT_MS21_MAY_OFFICE.NASL", "MACOS_MS21_MAY_OFFICE.NASL"], "type": "nessus"}, {"idList": ["KB5001936", "KB5001927", "KB5001918", "KB5001928", "KB5001923"], "type": "mskb"}, {"idList": ["THN:76EF51D1EBDAA5B92DD55E9E74F5B542"], "type": "thn"}, {"idList": ["MS:CVE-2021-31174", "MS:CVE-2021-31177", "MS:CVE-2021-31179", "MS:CVE-2021-31178", "MS:CVE-2021-31175"], "type": "mscve"}, {"idList": ["RAPID7BLOG:05A653A5E863B78EDD56FD74F059E02E"], "type": "rapid7blog"}, {"idList": ["QUALYSBLOG:A8EE36FB3E891C73934CB1C60E3B3D41"], "type": "qualysblog"}], "rev": 2}, "score": {"modified": "2021-07-25T00:03:41", "rev": 2, "value": 5.3, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB5001914", "msrc": "", "mscve": "CVE-2021-31179", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4462169", "KB4461633", "KB4475511", "KB4484503", "KB4475595", "KB4493160", "KB4484451", "KB4011027", "KB4484223", "KB4484470", "KB4475528", "KB4484270", "KB4486750", "KB4486713", "KB4484141", "KB4486674", "KB4504714", "KB4493229", "KB4484290", "KB4493192", "KB4484254"], "parentseeds": ["KB5001943", "KB5001973"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-25T00:03:41", "differentElements": ["cvelist", "cvss2", "cvss3", "description", "title"], "edition": 1}, {"bulletin": {"id": "KB5001914", "hash": "a3629460858c14e1fa39d770d9a6fadfbee23888dc039a29a353487955fc1e1f", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-05-11", "description": "", "published": "2021-05-11T07:00:00", "modified": "2021-05-11T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/5001914", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-31179"], "immutableFields": [], "lastseen": "2021-07-27T10:16:21", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-31179"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31179/", "MSF:ILITIES/MSFT-CVE-2021-31179/"]}, {"type": "mskb", "idList": ["KB5001927", "KB5001928", "KB5001936", "KB5001918", "KB5001923"]}, {"type": "mscve", "idList": ["MS:CVE-2021-31179"]}, {"type": "thn", "idList": ["THN:76EF51D1EBDAA5B92DD55E9E74F5B542"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_MAY_EXCEL.NASL", "SMB_NT_MS21_MAY_OFFICE.NASL", "SMB_NT_MS21_MAY_OFFICE_WEB.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:05A653A5E863B78EDD56FD74F059E02E"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:A8EE36FB3E891C73934CB1C60E3B3D41"]}], "modified": "2021-07-27T10:16:21", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2021-07-27T10:16:21", "rev": 2}}, "objectVersion": "1.5", "kb": "KB5001914", "msrc": "", "mscve": "CVE-2021-31179", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4475595", "KB4484141", "KB4504714", "KB4484290", "KB4486713", "KB4484270", "KB4475511", "KB4493160", "KB4486674", "KB4011027", "KB4484470", "KB4484254", "KB4484503", "KB4493229", "KB4462169", "KB4461633", "KB4475528", "KB4493192", "KB4486750", "KB4484223", "KB4484451"], "parentseeds": ["KB5001973", "KB5001943"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-27T10:16:21", "differentElements": ["cvss2", "cvss3", "kb", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "parentseeds", "superseeds"], "edition": 2}, {"bulletin": {"id": "KB5001914", "hash": "1c43261e11951ebf31d47cd6995a1af5a4166c337be2033683ac865e11bc8087", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-05-11", "description": "", "published": "2021-05-11T07:00:00", "modified": "2021-05-11T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/5001914", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-31179"], "immutableFields": [], "lastseen": "2021-07-27T10:16:21", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-07-27T10:16:21", "references": [{"idList": ["MSF:ILITIES/MSFT-CVE-2021-31179/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31179/"], "type": "metasploit"}, {"idList": ["KB5001936", "KB5001927", "KB5001918", "KB5001928", "KB5001923"], "type": "mskb"}, {"idList": ["SMB_NT_MS21_MAY_OFFICE_WEB.NASL", "SMB_NT_MS21_MAY_EXCEL.NASL", "SMB_NT_MS21_MAY_OFFICE.NASL"], "type": "nessus"}, {"idList": ["CVE-2021-31179"], "type": "cve"}, {"idList": ["THN:76EF51D1EBDAA5B92DD55E9E74F5B542"], "type": "thn"}, {"idList": ["RAPID7BLOG:05A653A5E863B78EDD56FD74F059E02E"], "type": "rapid7blog"}, {"idList": ["QUALYSBLOG:A8EE36FB3E891C73934CB1C60E3B3D41"], "type": "qualysblog"}, {"idList": ["MS:CVE-2021-31179"], "type": "mscve"}], "rev": 2}, "score": {"modified": "2021-07-27T10:16:21", "rev": 2, "value": 5.2, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "", "msrc": "", "mscve": "", "msplatform": "", "msfamily": "", "msimpact": "", "msseverity": "", "superseeds": [], "parentseeds": [], "msproducts": [], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-27T10:16:21", "differentElements": ["cvelist", "cvss2", "cvss3", "description", "kb", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "parentseeds", "superseeds", "title"], "edition": 3}, {"bulletin": {"id": "KB5001914", "hash": "a9dddf62d939f51373f07d2cdb90b4a2", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: May 11, 2021 (KB5001914)", "description": "None\n\n## Summary\n\nThis security update resolves a Microsoft Excel remote code execution\nvulnerability and Office information disclosure vulnerability. To learn more,\nsee the following security advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31174](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31174)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31175](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31175)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31177](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31177)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31178](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31178)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31179](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31179)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB5001914)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 5001914 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=1fb124f1-cb15-4104-b068-7d040204bdd1)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: May 11, 2021](/en-us/topic/security-update-deployment-\ninformation-may-11-2021-kb5001871-b23ea9f6-2510-4bd1-8575-2ecbb6fa7886).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4504714](https://support.microsoft.com/kb/4504714).\n\n### File hash information\n\nFile name| | SHA256 hash \n---|---|--- \nwacserver2019-kb5001914-fullfile-x64-glb.exe| |\nC33A6A5F9CF3127354AA4C9F43AB09A2785C6988550B8B200883C3DA41023085 \n \n### File information\n\nDownload [the list of files that are included in security update\n5001914](https://download.microsoft.com/download/6/6/3/66370ab0-579c-4378-83aa-1d55fe6dd70a/5001914.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-05-11T07:00:00", "modified": "2021-05-11T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/5001914", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-31178", "CVE-2021-31175", "CVE-2021-31179", "CVE-2021-31177", "CVE-2021-31174"], "immutableFields": [], "lastseen": "2021-08-12T23:53:26", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SMB_NT_MS21_MAY_OFFICE_WEB.NASL", "MACOS_MS21_MAY_OFFICE.NASL", "SMB_NT_MS21_MAY_EXCEL.NASL", "SMB_NT_MS21_MAY_OFFICE.NASL"]}, {"type": "mskb", "idList": ["KB5001918", "KB5001927", "KB5001928", "KB5001923", "KB5001936"]}, {"type": "cve", "idList": ["CVE-2021-31174", "CVE-2021-31175", "CVE-2021-31178", "CVE-2021-31179", "CVE-2021-31177"]}, {"type": "thn", "idList": ["THN:76EF51D1EBDAA5B92DD55E9E74F5B542"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31179/", "MSF:ILITIES/MSFT-CVE-2021-31175/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31178/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31177/", "MSF:ILITIES/MSFT-CVE-2021-31179/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31174/"]}, {"type": "kaspersky", "idList": ["KLA12175"]}, {"type": "mscve", "idList": ["MS:CVE-2021-31178", "MS:CVE-2021-31179", "MS:CVE-2021-31175", "MS:CVE-2021-31177", "MS:CVE-2021-31174"]}, {"type": "zdi", "idList": ["ZDI-21-580", "ZDI-21-576"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:05A653A5E863B78EDD56FD74F059E02E"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:A8EE36FB3E891C73934CB1C60E3B3D41"]}], "modified": "2021-08-12T23:53:26", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2021-08-12T23:53:26", "rev": 2}}, "objectVersion": "1.6", "kb": "KB5001914", "msrc": "", "mscve": "CVE-2021-31179", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484223", "KB4484141", "KB4484470", "KB4475511", "KB4475595", "KB4011027", "KB4484270", "KB4486713", "KB4462169", "KB4504714", "KB4493229", "KB4493192", "KB4484254", "KB4486674", "KB4484451", "KB4484290", "KB4461633", "KB4493160", "KB4475528", "KB4484503", "KB4486750"], "parentseeds": ["KB5001973", "KB5001943"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-12T23:53:26", "differentElements": ["cvelist", "description", "title"], "edition": 4}, {"bulletin": {"id": "KB5001914", "hash": "37d320f761b3983b5a472d0c9ee301be", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-05-11", "description": "", "published": "2021-05-11T07:00:00", "modified": "2021-05-11T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/5001914", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-31179"], "immutableFields": [], "lastseen": "2021-08-28T09:38:04", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-31179"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31179/", "MSF:ILITIES/MSFT-CVE-2021-31179/"]}, {"type": "mscve", "idList": ["MS:CVE-2021-31179"]}, {"type": "mskb", "idList": ["KB5001927", "KB5001923", "KB5001928", "KB5001936", "KB5001918"]}, {"type": "thn", "idList": ["THN:76EF51D1EBDAA5B92DD55E9E74F5B542"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_MAY_OFFICE.NASL", "SMB_NT_MS21_MAY_OFFICE_WEB.NASL", "SMB_NT_MS21_MAY_EXCEL.NASL"]}, {"type": "kaspersky", "idList": ["KLA12175"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:05A653A5E863B78EDD56FD74F059E02E"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:A8EE36FB3E891C73934CB1C60E3B3D41"]}], "modified": "2021-08-28T09:38:04", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-08-28T09:38:04", "rev": 2}}, "objectVersion": "1.6", "kb": "KB5001914", "msrc": "", "mscve": "CVE-2021-31179", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484254", "KB4484470", "KB4475595", "KB4493192", "KB4484270", "KB4462169", "KB4493229", "KB4504714", "KB4493160", "KB4486750", "KB4475511", "KB4484451", "KB4475528", "KB4484223", "KB4461633", "KB4486713", "KB4484503", "KB4484141", "KB4484290", "KB4011027", "KB4486674"], "parentseeds": ["KB5001973", "KB5001943"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-28T09:38:04", "differentElements": ["cvelist", "description", "title"], "edition": 5}, {"bulletin": {"id": "KB5001914", "hash": "a9dddf62d939f51373f07d2cdb90b4a2", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: May 11, 2021 (KB5001914)", "description": "None\n\n## Summary\n\nThis security update resolves a Microsoft Excel remote code execution\nvulnerability and Office information disclosure vulnerability. To learn more,\nsee the following security advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31174](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31174)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31175](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31175)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31177](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31177)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31178](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31178)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31179](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31179)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB5001914)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 5001914 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=1fb124f1-cb15-4104-b068-7d040204bdd1)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: May 11, 2021](/en-us/topic/security-update-deployment-\ninformation-may-11-2021-kb5001871-b23ea9f6-2510-4bd1-8575-2ecbb6fa7886).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4504714](https://support.microsoft.com/kb/4504714).\n\n### File hash information\n\nFile name| | SHA256 hash \n---|---|--- \nwacserver2019-kb5001914-fullfile-x64-glb.exe| |\nC33A6A5F9CF3127354AA4C9F43AB09A2785C6988550B8B200883C3DA41023085 \n \n### File information\n\nDownload [the list of files that are included in security update\n5001914](https://download.microsoft.com/download/6/6/3/66370ab0-579c-4378-83aa-1d55fe6dd70a/5001914.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-05-11T07:00:00", "modified": "2021-05-11T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/5001914", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-31177", "CVE-2021-31178", "CVE-2021-31175", "CVE-2021-31179", "CVE-2021-31174"], "immutableFields": [], "lastseen": "2021-09-06T10:49:44", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SMB_NT_MS21_MAY_OFFICE_WEB.NASL", "MACOS_MS21_MAY_OFFICE.NASL", "SMB_NT_MS21_MAY_OFFICE.NASL", "SMB_NT_MS21_MAY_EXCEL.NASL"]}, {"type": "mskb", "idList": ["KB5001936", "KB5001928", "KB5001918", "KB5001923", "KB5001927"]}, {"type": "cve", "idList": ["CVE-2021-31174", "CVE-2021-31177", "CVE-2021-31178", "CVE-2021-31175", "CVE-2021-31179"]}, {"type": "thn", "idList": ["THN:76EF51D1EBDAA5B92DD55E9E74F5B542"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31178/", "MSF:ILITIES/MSFT-CVE-2021-31175/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31177/", "MSF:ILITIES/MSFT-CVE-2021-31179/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31174/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31179/"]}, {"type": "kaspersky", "idList": ["KLA12175"]}, {"type": "zdi", "idList": ["ZDI-21-580", "ZDI-21-576"]}, {"type": "mscve", "idList": ["MS:CVE-2021-31177", "MS:CVE-2021-31178", "MS:CVE-2021-31179", "MS:CVE-2021-31175", "MS:CVE-2021-31174"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:05A653A5E863B78EDD56FD74F059E02E"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:A8EE36FB3E891C73934CB1C60E3B3D41"]}], "modified": "2021-09-06T10:49:44", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2021-09-06T10:49:44", "rev": 2}}, "objectVersion": "1.6", "kb": "KB5001914", "msrc": "", "mscve": "CVE-2021-31179", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4486750", "KB4484503", "KB4493192", "KB4475528", "KB4475511", "KB4011027", "KB4462169", "KB4484254", "KB4493229", "KB4486713", "KB4493160", "KB4484270", "KB4484141", "KB4504714", "KB4484470", "KB4486674", "KB4484223", "KB4461633", "KB4475595", "KB4484451", "KB4484290"], "parentseeds": ["KB5001943", "KB5001973"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-09-06T10:49:44", "differentElements": ["parentseeds"], "edition": 6}], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SMB_NT_MS21_MAY_EXCEL.NASL", "SMB_NT_MS21_MAY_OFFICE_WEB.NASL", "SMB_NT_MS21_MAY_OFFICE.NASL", "MACOS_MS21_MAY_OFFICE.NASL"]}, {"type": "mskb", "idList": ["KB5001918", "KB5001936", "KB5001923", "KB5001927", "KB5001928"]}, {"type": "cve", "idList": ["CVE-2021-31178", "CVE-2021-31175", "CVE-2021-31179", "CVE-2021-31177", "CVE-2021-31174"]}, {"type": "thn", "idList": ["THN:76EF51D1EBDAA5B92DD55E9E74F5B542"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31179/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31174/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31177/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31178/", "MSF:ILITIES/MSFT-CVE-2021-31175/", "MSF:ILITIES/MSFT-CVE-2021-31179/"]}, {"type": "kaspersky", "idList": ["KLA12175"]}, {"type": "zdi", "idList": ["ZDI-21-576", "ZDI-21-580"]}, {"type": "mscve", "idList": ["MS:CVE-2021-31175", "MS:CVE-2021-31179", "MS:CVE-2021-31174", "MS:CVE-2021-31178", "MS:CVE-2021-31177"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:05A653A5E863B78EDD56FD74F059E02E"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:A8EE36FB3E891C73934CB1C60E3B3D41"]}], "modified": "2021-09-15T20:11:12", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2021-09-15T20:11:12", "rev": 2}}, "objectVersion": "1.6", "kb": "KB5001914", "msrc": "", "mscve": "CVE-2021-31179", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4486674", "KB4462169", "KB4493229", "KB4484141", "KB4011027", "KB4504714", "KB4486713", "KB4484290", "KB4475528", "KB4475595", "KB4484223", "KB4493160", "KB4486750", "KB4484503", "KB4484254", "KB4475511", "KB4484270", "KB4484470", "KB4484451", "KB4493192", "KB4461633"], "parentseeds": ["KB5001999", "KB5001943", "KB5001973"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": [], "_object_type": "robots.models.microsoftKB.MicrosoftKBBulletin", "_object_types": ["robots.models.microsoftKB.MicrosoftKBBulletin", "robots.models.base.Bulletin"]}, {"id": "KB4504714", "hash": "7cc72abb498c082254c43378f447a2a0", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: April 13, 2021 (KB4504714)", "description": "None\n\n## Summary\n\nThis security update resolves Microsoft Word remote code execution\nvulnerability, Microsoft Excel remote code execution vulnerability, and\nMicrosoft Excel information disclosure vulnerability. To learn more, see the\nfollowing security advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28451](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28451)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28453](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28453)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28454](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28454)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28456](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28456)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4504714)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 4504714 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=6e3696c7-4e43-44f1-a3ce-ef3f6a3b4a6e )\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: April 13, 2021 (KB5001866)](/en-us/topic/security-update-\ndeployment-information-\napril-13-2021-kb5001866-fd920b95-77d5-472a-82a1-5affee49d6a3).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4493229](https://support.microsoft.com/kb/4493229).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4504714-fullfile-x64-glb.exe|\n45ADD0367491A86100BB90D215A186ECE05E1457|\nEA7F490426AA0ACCA602ABB7E7467F406038F416F595C79837F01419C9BAAD1D \n \n### File information\n\nDownload [the list of files that are included in security update\n4504714](https://download.microsoft.com/download/e/f/f/effcae81-334d-4211-9bf0-efed7cbf32d7/4504714.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-04-13T07:00:00", "modified": "2021-04-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4504714", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-28454", "CVE-2021-28451", "CVE-2021-28453", "CVE-2021-28456"], "immutableFields": [], "lastseen": "2021-09-15T20:00:53", "history": [{"bulletin": {"id": "KB4504714", "hash": "34f6d032ca803ed2a5dafca2780e1504", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: April 13, 2021 (KB4504714)", "description": "# Description of the security update for Office Online Server: April 13, 2021\n(KB4504714)\n\n## Summary\n\nThis security update resolves Microsoft Word remote code execution\nvulnerability, Microsoft Excel remote code execution vulnerability, and\nMicrosoft Excel information disclosure vulnerability. To learn more, see the\nfollowing security advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28451](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28451)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28453](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28453)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28454](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28454)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28456](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28456)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4504714)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 4504714 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=6e3696c7-4e43-44f1-a3ce-ef3f6a3b4a6e )\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: April 13, 2021 (KB5001866)](/en-us/topic/security-update-\ndeployment-information-\napril-13-2021-kb5001866-fd920b95-77d5-472a-82a1-5affee49d6a3).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4493229](https://support.microsoft.com/kb/4493229).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4504714-fullfile-x64-glb.exe|\n45ADD0367491A86100BB90D215A186ECE05E1457|\nEA7F490426AA0ACCA602ABB7E7467F406038F416F595C79837F01419C9BAAD1D \n \n### File information\n\nDownload [the list of files that are included in security update\n4504714](https://download.microsoft.com/download/e/f/f/effcae81-334d-4211-9bf0-efed7cbf32d7/4504714.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-04-13T07:00:00", "modified": "2021-04-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4504714", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-28454", "CVE-2021-28453", "CVE-2021-28456", "CVE-2021-28451"], "immutableFields": [], "lastseen": "2021-07-24T23:45:42", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-07-24T23:45:42", "references": [{"idList": ["KB3017810", "KB4504721", "KB4504739", "KB4504729", "KB4504724", "KB4504701", "KB4504727", "KB4504715", "KB4504735", "KB4504705"], "type": "mskb"}, {"idList": ["KREBS:F8A52CE066D12F4E4A9E0128831BF48D"], "type": "krebs"}, {"idList": ["CVE-2021-28454", "CVE-2021-28453", "CVE-2021-28456", "CVE-2021-28451"], "type": "cve"}, {"idList": ["RAPID7BLOG:452CCDC1AEFFF7056148871E86A6FE26"], "type": "rapid7blog"}, {"idList": ["ZDI-21-423", "ZDI-21-410"], "type": "zdi"}, {"idList": ["MSF:ILITIES/MSFT-CVE-2021-28451/"], "type": "metasploit"}, {"idList": ["MS:CVE-2021-28456", "MS:CVE-2021-28451", "MS:CVE-2021-28454", "MS:CVE-2021-28453"], "type": "mscve"}, {"idList": ["THREATPOST:9235CC6F1DCCA01B571B8693E5F7B880"], "type": "threatpost"}, {"idList": ["SMB_NT_MS21_APR_EXCEL.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2019_LANGUAGE.NASL", "SMB_NT_MS21_APR_OFFICE_WEB.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2016.NASL", "SMB_NT_MS21_APR_OFFICE.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2019.NASL", "SMB_NT_MS21_APR_WORD.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2010.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2013.NASL", "MACOS_MS21_APR_OFFICE.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2021-07-24T23:45:42", "rev": 2, "value": 5.5, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB4504714", "msrc": "", "mscve": "CVE-2021-28451", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4462169", "KB4461633", "KB4475511", "KB4484503", "KB4475595", "KB4493160", "KB4484451", "KB4011027", "KB4484223", "KB4484470", "KB4475528", "KB4484270", "KB4486750", "KB4486713", "KB4484141", "KB4486674", "KB4493229", "KB4484290", "KB4493192", "KB4484254"], "parentseeds": ["KB5001943", "KB5001973", "KB5001914"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-24T23:45:42", "differentElements": ["cvelist", "cvss2", "cvss3", "description", "title"], "edition": 1}, {"bulletin": {"id": "KB4504714", "hash": "ac1707c4f2d98a28a5f9c7b4de441ce4094538f1cef8dcacdc699799e4787d91", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-04-13", "description": "", "published": "2021-04-13T07:00:00", "modified": "2021-04-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4504714", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-28451"], "immutableFields": [], "lastseen": "2021-07-27T10:13:52", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2021-07-27T10:13:52", "references": [{"idList": ["KREBS:F8A52CE066D12F4E4A9E0128831BF48D"], "type": "krebs"}, {"idList": ["RAPID7BLOG:452CCDC1AEFFF7056148871E86A6FE26"], "type": "rapid7blog"}, {"idList": ["KB4504729"], "type": "mskb"}, {"idList": ["CVE-2021-28451"], "type": "cve"}, {"idList": ["SMB_NT_MS21_APR_EXCEL.NASL", "SMB_NT_MS21_APR_OFFICE_WEB.NASL", "MACOS_MS21_APR_OFFICE.NASL"], "type": "nessus"}, {"idList": ["MSF:ILITIES/MSFT-CVE-2021-28451/"], "type": "metasploit"}, {"idList": ["THREATPOST:9235CC6F1DCCA01B571B8693E5F7B880"], "type": "threatpost"}, {"idList": ["MS:CVE-2021-28451"], "type": "mscve"}], "rev": 2}, "score": {"modified": "2021-07-27T10:13:52", "rev": 2, "value": 5.4, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB4504714", "msrc": "", "mscve": "CVE-2021-28451", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4475595", "KB4484141", "KB4484290", "KB4486713", "KB4484270", "KB4475511", "KB4493160", "KB4486674", "KB4011027", "KB4484470", "KB4484254", "KB4484503", "KB4493229", "KB4462169", "KB4461633", "KB4475528", "KB4493192", "KB4486750", "KB4484223", "KB4484451"], "parentseeds": ["KB5001973", "KB5001943", "KB5001914"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-27T10:13:52", "differentElements": ["cvss2", "cvss3", "kb", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "parentseeds", "superseeds"], "edition": 2}, {"bulletin": {"id": "KB4504714", "hash": "e8c75a8dafc9c19263896834f4e938ad235d7c86f18ee23b63ecc0bdeb38f6a4", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-04-13", "description": "", "published": "2021-04-13T07:00:00", "modified": "2021-04-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4504714", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-28451"], "immutableFields": [], "lastseen": "2021-07-27T10:13:52", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2021-07-27T10:13:52", "references": [{"idList": ["KREBS:F8A52CE066D12F4E4A9E0128831BF48D"], "type": "krebs"}, {"idList": ["RAPID7BLOG:452CCDC1AEFFF7056148871E86A6FE26"], "type": "rapid7blog"}, {"idList": ["KB4504729"], "type": "mskb"}, {"idList": ["CVE-2021-28451"], "type": "cve"}, {"idList": ["SMB_NT_MS21_APR_EXCEL.NASL", "SMB_NT_MS21_APR_OFFICE_WEB.NASL", "MACOS_MS21_APR_OFFICE.NASL"], "type": "nessus"}, {"idList": ["MSF:ILITIES/MSFT-CVE-2021-28451/"], "type": "metasploit"}, {"idList": ["THREATPOST:9235CC6F1DCCA01B571B8693E5F7B880"], "type": "threatpost"}, {"idList": ["MS:CVE-2021-28451"], "type": "mscve"}], "rev": 2}, "score": {"modified": "2021-07-27T10:13:52", "rev": 2, "value": 5.4, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "", "msrc": "", "mscve": "", "msplatform": "", "msfamily": "", "msimpact": "", "msseverity": "", "superseeds": [], "parentseeds": [], "msproducts": [], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-27T10:13:52", "differentElements": ["cvelist", "cvss2", "cvss3", "description", "kb", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "parentseeds", "superseeds", "title"], "edition": 3}, {"bulletin": {"id": "KB4504714", "hash": "271a70dd674547a9295ddddf7e8fe286", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: April 13, 2021 (KB4504714)", "description": "# Description of the security update for Office Online Server: April 13, 2021\n(KB4504714)\n\n## Summary\n\nThis security update resolves Microsoft Word remote code execution\nvulnerability, Microsoft Excel remote code execution vulnerability, and\nMicrosoft Excel information disclosure vulnerability. To learn more, see the\nfollowing security advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28451](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28451)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28453](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28453)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28454](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28454)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28456](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28456)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4504714)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 4504714 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=6e3696c7-4e43-44f1-a3ce-ef3f6a3b4a6e )\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: April 13, 2021 (KB5001866)](/en-us/topic/security-update-\ndeployment-information-\napril-13-2021-kb5001866-fd920b95-77d5-472a-82a1-5affee49d6a3).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4493229](https://support.microsoft.com/kb/4493229).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4504714-fullfile-x64-glb.exe|\n45ADD0367491A86100BB90D215A186ECE05E1457|\nEA7F490426AA0ACCA602ABB7E7467F406038F416F595C79837F01419C9BAAD1D \n \n### File information\n\nDownload [the list of files that are included in security update\n4504714](https://download.microsoft.com/download/e/f/f/effcae81-334d-4211-9bf0-efed7cbf32d7/4504714.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-04-13T07:00:00", "modified": "2021-04-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4504714", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-28454", "CVE-2021-28456", "CVE-2021-28453", "CVE-2021-28451"], "immutableFields": [], "lastseen": "2021-08-01T10:15:05", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SMB_NT_MS21_APR_WORD.NASL", "SMB_NT_MS21_APR_OFFICE_WEB.NASL", "SMB_NT_MS21_APR_OFFICE.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2019_LANGUAGE.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2016.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS21_APR_EXCEL.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2010.NASL", "MACOS_MS21_APR_OFFICE.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2019.NASL"]}, {"type": "mskb", "idList": ["KB4504729", "KB4504715", "KB4504701", "KB4504739", "KB4504724", "KB4493208", "KB3017810", "KB4504727", "KB4504735", "KB4504721"]}, {"type": "cve", "idList": ["CVE-2021-28453", "CVE-2021-28456", "CVE-2021-28451", "CVE-2021-28454"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MSFT-CVE-2021-28451/"]}, {"type": "threatpost", "idList": ["THREATPOST:9235CC6F1DCCA01B571B8693E5F7B880"]}, {"type": "krebs", "idList": ["KREBS:F8A52CE066D12F4E4A9E0128831BF48D"]}, {"type": "mscve", "idList": ["MS:CVE-2021-28453", "MS:CVE-2021-28454", "MS:CVE-2021-28456", "MS:CVE-2021-28451"]}, {"type": "zdi", "idList": ["ZDI-21-423", "ZDI-21-410"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:452CCDC1AEFFF7056148871E86A6FE26"]}], "modified": "2021-08-01T10:15:05", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-08-01T10:15:05", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4504714", "msrc": "", "mscve": "CVE-2021-28451", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484223", "KB4484141", "KB4493160", "KB4475511", "KB4011027", "KB4493192", "KB4486674", "KB4462169", "KB4484254", "KB4484451", "KB4475595", "KB4484503", "KB4484470", "KB4493229", "KB4486750", "KB4461633", "KB4486713", "KB4484290", "KB4475528", "KB4484270"], "parentseeds": ["KB5001973", "KB5001914", "KB5001943"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-01T10:15:05", "differentElements": ["description"], "edition": 4}, {"bulletin": {"id": "KB4504714", "hash": "a7ded3dd5023c09c3e46d71c151c4699", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: April 13, 2021 (KB4504714)", "description": "None\n\n## Summary\n\nThis security update resolves Microsoft Word remote code execution\nvulnerability, Microsoft Excel remote code execution vulnerability, and\nMicrosoft Excel information disclosure vulnerability. To learn more, see the\nfollowing security advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28451](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28451)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28453](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28453)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28454](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28454)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28456](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28456)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4504714)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 4504714 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=6e3696c7-4e43-44f1-a3ce-ef3f6a3b4a6e )\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: April 13, 2021 (KB5001866)](/en-us/topic/security-update-\ndeployment-information-\napril-13-2021-kb5001866-fd920b95-77d5-472a-82a1-5affee49d6a3).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4493229](https://support.microsoft.com/kb/4493229).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4504714-fullfile-x64-glb.exe|\n45ADD0367491A86100BB90D215A186ECE05E1457|\nEA7F490426AA0ACCA602ABB7E7467F406038F416F595C79837F01419C9BAAD1D \n \n### File information\n\nDownload [the list of files that are included in security update\n4504714](https://download.microsoft.com/download/e/f/f/effcae81-334d-4211-9bf0-efed7cbf32d7/4504714.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-04-13T07:00:00", "modified": "2021-04-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4504714", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-28454", "CVE-2021-28456", "CVE-2021-28451", "CVE-2021-28453"], "immutableFields": [], "lastseen": "2021-08-12T23:41:09", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "mskb", "idList": ["KB4504729", "KB4504721", "KB4504715", "KB4504735", "KB4504705", "KB4493208", "KB3017810", "KB4504727", "KB4504724", "KB4504739"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2019_LANGUAGE.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2019.NASL", "SMB_NT_MS21_APR_OFFICE.NASL", "SMB_NT_MS21_APR_OFFICE_WEB.NASL", "SMB_NT_MS21_APR_WORD.NASL", "SMB_NT_MS21_APR_EXCEL.NASL", "MACOS_MS21_APR_OFFICE.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2016.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2010.NASL"]}, {"type": "cve", "idList": ["CVE-2021-28454", "CVE-2021-28453", "CVE-2021-28456", "CVE-2021-28451"]}, {"type": "kaspersky", "idList": ["KLA12138"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MSFT-CVE-2021-28451/"]}, {"type": "krebs", "idList": ["KREBS:F8A52CE066D12F4E4A9E0128831BF48D"]}, {"type": "threatpost", "idList": ["THREATPOST:9235CC6F1DCCA01B571B8693E5F7B880"]}, {"type": "mscve", "idList": ["MS:CVE-2021-28454", "MS:CVE-2021-28453", "MS:CVE-2021-28451", "MS:CVE-2021-28456"]}, {"type": "zdi", "idList": ["ZDI-21-410", "ZDI-21-423"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:452CCDC1AEFFF7056148871E86A6FE26"]}], "modified": "2021-08-12T23:41:09", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-08-12T23:41:09", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4504714", "msrc": "", "mscve": "CVE-2021-28451", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484223", "KB4484141", "KB4484470", "KB4475511", "KB4475595", "KB4011027", "KB4484270", "KB4486713", "KB4462169", "KB4493229", "KB4493192", "KB4484254", "KB4486674", "KB4484451", "KB4484290", "KB4461633", "KB4493160", "KB4475528", "KB4484503", "KB4486750"], "parentseeds": ["KB5001973", "KB5001943", "KB5001914"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-12T23:41:09", "differentElements": ["cvelist", "description", "title"], "edition": 5}, {"bulletin": {"id": "KB4504714", "hash": "1306438d136e101150ca2d8c32bb6c3a", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-04-13", "description": "", "published": "2021-04-13T07:00:00", "modified": "2021-04-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4504714", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-28451"], "immutableFields": [], "lastseen": "2021-08-29T10:38:18", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-28451"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MSFT-CVE-2021-28451/"]}, {"type": "mscve", "idList": ["MS:CVE-2021-28451"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_APR_OFFICE_WEB.NASL", "MACOS_MS21_APR_OFFICE.NASL", "SMB_NT_MS21_APR_EXCEL.NASL"]}, {"type": "mskb", "idList": ["KB4504729"]}, {"type": "kaspersky", "idList": ["KLA12138"]}, {"type": "krebs", "idList": ["KREBS:F8A52CE066D12F4E4A9E0128831BF48D"]}, {"type": "threatpost", "idList": ["THREATPOST:9235CC6F1DCCA01B571B8693E5F7B880"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:452CCDC1AEFFF7056148871E86A6FE26"]}], "modified": "2021-08-29T10:38:18", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-08-29T10:38:18", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4504714", "msrc": "", "mscve": "CVE-2021-28451", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4493160", "KB4462169", "KB4475511", "KB4484503", "KB4484270", "KB4484451", "KB4484141", "KB4486674", "KB4475528", "KB4493229", "KB4484290", "KB4486713", "KB4493192", "KB4484254", "KB4011027", "KB4461633", "KB4486750", "KB4475595", "KB4484223", "KB4484470"], "parentseeds": ["KB5001973", "KB5001943", "KB5001914"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-29T10:38:18", "differentElements": ["cvelist", "description", "title"], "edition": 6}, {"bulletin": {"id": "KB4504714", "hash": "a7ded3dd5023c09c3e46d71c151c4699", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: April 13, 2021 (KB4504714)", "description": "None\n\n## Summary\n\nThis security update resolves Microsoft Word remote code execution\nvulnerability, Microsoft Excel remote code execution vulnerability, and\nMicrosoft Excel information disclosure vulnerability. To learn more, see the\nfollowing security advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28451](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28451)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28453](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28453)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28454](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28454)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-28456](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28456)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4504714)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 4504714 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=6e3696c7-4e43-44f1-a3ce-ef3f6a3b4a6e )\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: April 13, 2021 (KB5001866)](/en-us/topic/security-update-\ndeployment-information-\napril-13-2021-kb5001866-fd920b95-77d5-472a-82a1-5affee49d6a3).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4493229](https://support.microsoft.com/kb/4493229).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4504714-fullfile-x64-glb.exe|\n45ADD0367491A86100BB90D215A186ECE05E1457|\nEA7F490426AA0ACCA602ABB7E7467F406038F416F595C79837F01419C9BAAD1D \n \n### File information\n\nDownload [the list of files that are included in security update\n4504714](https://download.microsoft.com/download/e/f/f/effcae81-334d-4211-9bf0-efed7cbf32d7/4504714.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-04-13T07:00:00", "modified": "2021-04-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4504714", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-28456", "CVE-2021-28454", "CVE-2021-28453", "CVE-2021-28451"], "immutableFields": [], "lastseen": "2021-09-06T10:42:48", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SMB_NT_MS21_APR_WORD.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2016.NASL", "SMB_NT_MS21_APR_EXCEL.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2019.NASL", "SMB_NT_MS21_APR_OFFICE.NASL", "MACOS_MS21_APR_OFFICE.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2019_LANGUAGE.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2010.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS21_APR_OFFICE_WEB.NASL"]}, {"type": "mskb", "idList": ["KB4504727", "KB4504739", "KB4493201", "KB4504705", "KB4504729", "KB4504721", "KB3017810", "KB4493198", "KB4504735", "KB4504724"]}, {"type": "cve", "idList": ["CVE-2021-28456", "CVE-2021-28454", "CVE-2021-28453", "CVE-2021-28451"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MSFT-CVE-2021-28451/"]}, {"type": "kaspersky", "idList": ["KLA12138"]}, {"type": "krebs", "idList": ["KREBS:F8A52CE066D12F4E4A9E0128831BF48D"]}, {"type": "threatpost", "idList": ["THREATPOST:9235CC6F1DCCA01B571B8693E5F7B880"]}, {"type": "mscve", "idList": ["MS:CVE-2021-28456", "MS:CVE-2021-28454", "MS:CVE-2021-28453", "MS:CVE-2021-28451"]}, {"type": "zdi", "idList": ["ZDI-21-423", "ZDI-21-410"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:452CCDC1AEFFF7056148871E86A6FE26"]}], "modified": "2021-09-06T10:42:48", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-09-06T10:42:48", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4504714", "msrc": "", "mscve": "CVE-2021-28451", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4486750", "KB4484503", "KB4475511", "KB4475528", "KB4493192", "KB4011027", "KB4462169", "KB4484254", "KB4493229", "KB4486713", "KB4493160", "KB4484270", "KB4484141", "KB4484470", "KB4486674", "KB4484223", "KB4461633", "KB4475595", "KB4484451", "KB4484290"], "parentseeds": ["KB5001914", "KB5001943", "KB5001973"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-09-06T10:42:48", "differentElements": ["parentseeds"], "edition": 7}], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SMB_NT_MS21_APR_OFFICE_WEB.NASL", "SMB_NT_MS21_APR_OFFICE.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2019_LANGUAGE.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2019.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS21_APR_WORD.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2016.NASL", "SMB_NT_MS21_APR_OFFICE_SHAREPOINT_2010.NASL", "SMB_NT_MS21_APR_EXCEL.NASL", "MACOS_MS21_APR_OFFICE.NASL"]}, {"type": "mskb", "idList": ["KB4504735", "KB3017810", "KB4504739", "KB4504721", "KB4493208", "KB4493218", "KB4504727", "KB4504729", "KB4504724", "KB4493215"]}, {"type": "cve", "idList": ["CVE-2021-28456", "CVE-2021-28453", "CVE-2021-28451", "CVE-2021-28454"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MSFT-CVE-2021-28451/"]}, {"type": "kaspersky", "idList": ["KLA12138"]}, {"type": "threatpost", "idList": ["THREATPOST:9235CC6F1DCCA01B571B8693E5F7B880"]}, {"type": "krebs", "idList": ["KREBS:F8A52CE066D12F4E4A9E0128831BF48D"]}, {"type": "mscve", "idList": ["MS:CVE-2021-28454", "MS:CVE-2021-28451", "MS:CVE-2021-28453", "MS:CVE-2021-28456"]}, {"type": "zdi", "idList": ["ZDI-21-423", "ZDI-21-410"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:452CCDC1AEFFF7056148871E86A6FE26"]}], "modified": "2021-09-15T20:00:53", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-09-15T20:00:53", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4504714", "msrc": "", "mscve": "CVE-2021-28451", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4486674", "KB4462169", "KB4493229", "KB4484141", "KB4011027", "KB4486713", "KB4484290", "KB4475528", "KB4475595", "KB4484223", "KB4493160", "KB4486750", "KB4484503", "KB4484254", "KB4475511", "KB4484270", "KB4484470", "KB4484451", "KB4493192", "KB4461633"], "parentseeds": ["KB5001999", "KB5001914", "KB5001943", "KB5001973"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": [], "_object_type": "robots.models.microsoftKB.MicrosoftKBBulletin", "_object_types": ["robots.models.microsoftKB.MicrosoftKBBulletin", "robots.models.base.Bulletin"]}, {"id": "KB4493229", "hash": "975d96a0de6735b15282ba2aa7c4b818", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: March 9, 2021 (KB4493229)", "description": "None\n\n## Summary\n\nThis security update resolves a Microsoft Excel Remote Code Execution\nVulnerability. To learn more about the vulnerability, see the following\nsecurity advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-27053](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27053)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-27054](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27054)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-27057](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27057)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## Improvements and fixes\n\nThis update fixes a crash that occurs when you load Open Document Format (ODF)\nfiles that contain charts that include certain kinds of trendlines.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4493229)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 4493229 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=eed19d96-ba2c-49bb-8b65-6177493f5220)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: March 9, 2021 (KB5001208)](/en-us/topic/security-update-\ndeployment-information-\nmarch-9-2021-kb5001208-447f0e23-7611-4746-ba57-37dc2b8a2827).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4493192](https://support.microsoft.com/kb/4493192).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4493229-fullfile-x64-glb.exe|\nC35F2495DAF2E4559C32469128467F6A475650E7|\n36E246E084E3D43D0A07C90C103199A24784DA9B8E2E58970596367A83D2C761 \n \n### File information\n\nDownload [the list of files that are included in security update\n4493229](https://download.microsoft.com/download/f/d/a/fda2068c-8607-45e6-9f0d-a6ecc02d0724/4493229.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493229", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27054", "CVE-2021-27057", "CVE-2021-27053"], "immutableFields": [], "lastseen": "2021-09-15T19:58:35", "history": [{"bulletin": {"id": "KB4493229", "hash": "5725ba67a679494546b2aded6bbdbdfc", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: March 9, 2021 (KB4493229)", "description": "# Description of the security update for Office Online Server: March 9, 2021\n(KB4493229)\n\n## Summary\n\nThis security update resolves a Microsoft Excel Remote Code Execution\nVulnerability. To learn more about the vulnerability, see the following\nsecurity advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-27053](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27053)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-27054](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27054)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-27057](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27057)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## Improvements and fixes\n\nThis update fixes a crash that occurs when you load Open Document Format (ODF)\nfiles that contain charts that include certain kinds of trendlines.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4493229)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 4493229 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=eed19d96-ba2c-49bb-8b65-6177493f5220)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: March 9, 2021 (KB5001208)](/en-us/topic/security-update-\ndeployment-information-\nmarch-9-2021-kb5001208-447f0e23-7611-4746-ba57-37dc2b8a2827).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4493192](https://support.microsoft.com/kb/4493192).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4493229-fullfile-x64-glb.exe|\nC35F2495DAF2E4559C32469128467F6A475650E7|\n36E246E084E3D43D0A07C90C103199A24784DA9B8E2E58970596367A83D2C761 \n \n### File information\n\nDownload [the list of files that are included in security update\n4493229](https://download.microsoft.com/download/f/d/a/fda2068c-8607-45e6-9f0d-a6ecc02d0724/4493229.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4493229", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27057", "CVE-2021-27053", "CVE-2021-27054"], "immutableFields": [], "lastseen": "2021-07-24T23:43:46", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-07-24T23:43:46", "references": [{"idList": ["ZDI-21-507", "ZDI-21-332", "ZDI-21-334"], "type": "zdi"}, {"idList": ["CVE-2021-27057", "CVE-2021-27053", "CVE-2021-27054"], "type": "cve"}, {"idList": ["SMB_NT_MS21_MAR_EXCEL.NASL", "SMB_NT_MS21_MAR_OFFICE_WEB.NASL", "MACOS_MS21_MAR_OFFICE.NASL", "SMB_NT_MS21_MAR_OFFICE.NASL"], "type": "nessus"}, {"idList": ["KB4493203", "KB4493234", "KB4493200", "KB4493233", "KB4493214", "KB4504707", "KB4493239"], "type": "mskb"}, {"idList": ["MSF:ILITIES/MSFT-CVE-2021-27053/"], "type": "metasploit"}, {"idList": ["MS:CVE-2021-27057", "MS:CVE-2021-27054", "MS:CVE-2021-27053"], "type": "mscve"}, {"idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"], "type": "rapid7blog"}], "rev": 2}, "score": {"modified": "2021-07-24T23:43:46", "rev": 2, "value": 5.2, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB4493229", "msrc": "", "mscve": "CVE-2021-27057", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4462169", "KB4461633", "KB4475511", "KB4484503", "KB4475595", "KB4493160", "KB4484451", "KB4011027", "KB4484223", "KB4484470", "KB4475528", "KB4484270", "KB4486750", "KB4486713", "KB4484141", "KB4486674", "KB4484290", "KB4493192", "KB4484254"], "parentseeds": ["KB5001943", "KB5001973", "KB4504714", "KB5001914"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-24T23:43:46", "differentElements": ["cvelist", "cvss2", "cvss3", "description", "title"], "edition": 1}, {"bulletin": {"id": "KB4493229", "hash": "822f1b0c979d3d6a1d10f6f4ea04be626e104b400ae57d81a5a8a0a196e3943c", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-03-09", "description": "", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493229", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27057"], "immutableFields": [], "lastseen": "2021-07-27T10:13:30", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-07-27T10:13:30", "references": [{"idList": ["CVE-2021-27057"], "type": "cve"}, {"idList": ["SMB_NT_MS21_MAR_EXCEL.NASL", "SMB_NT_MS21_MAR_OFFICE_WEB.NASL", "MACOS_MS21_MAR_OFFICE.NASL", "SMB_NT_MS21_MAR_OFFICE.NASL"], "type": "nessus"}, {"idList": ["ZDI-21-334"], "type": "zdi"}, {"idList": ["MS:CVE-2021-27057"], "type": "mscve"}, {"idList": ["KB4493234", "KB4493200", "KB4493233"], "type": "mskb"}, {"idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"], "type": "rapid7blog"}], "rev": 2}, "score": {"modified": "2021-07-27T10:13:30", "rev": 2, "value": 6.2, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB4493229", "msrc": "", "mscve": "CVE-2021-27057", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4475595", "KB4484141", "KB4484290", "KB4486713", "KB4484270", "KB4475511", "KB4493160", "KB4486674", "KB4011027", "KB4484470", "KB4484254", "KB4484503", "KB4462169", "KB4461633", "KB4475528", "KB4493192", "KB4486750", "KB4484223", "KB4484451"], "parentseeds": ["KB5001973", "KB5001943", "KB4504714", "KB5001914"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-27T10:13:30", "differentElements": ["cvss2", "cvss3", "kb", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "parentseeds", "superseeds"], "edition": 2}, {"bulletin": {"id": "KB4493229", "hash": "519cf60cd1048374a3da70494fbb1581bf8bd2feea2937bb16463cb485d2ec3c", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-03-09", "description": "", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4493229", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27057"], "immutableFields": [], "lastseen": "2021-07-27T10:13:30", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-07-27T10:13:30", "references": [{"idList": ["CVE-2021-27057"], "type": "cve"}, {"idList": ["SMB_NT_MS21_MAR_EXCEL.NASL", "SMB_NT_MS21_MAR_OFFICE_WEB.NASL", "MACOS_MS21_MAR_OFFICE.NASL", "SMB_NT_MS21_MAR_OFFICE.NASL"], "type": "nessus"}, {"idList": ["ZDI-21-334"], "type": "zdi"}, {"idList": ["MS:CVE-2021-27057"], "type": "mscve"}, {"idList": ["KB4493234", "KB4493200", "KB4493233"], "type": "mskb"}, {"idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"], "type": "rapid7blog"}], "rev": 2}, "score": {"modified": "2021-07-27T10:13:30", "rev": 2, "value": 6.2, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "", "msrc": "", "mscve": "", "msplatform": "", "msfamily": "", "msimpact": "", "msseverity": "", "superseeds": [], "parentseeds": [], "msproducts": [], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-27T10:13:30", "differentElements": ["cvelist", "cvss2", "cvss3", "description", "kb", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "parentseeds", "superseeds", "title"], "edition": 3}, {"bulletin": {"id": "KB4493229", "hash": "7976a994e9b17ee9e6d795311e490f28", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: March 9, 2021 (KB4493229)", "description": "# Description of the security update for Office Online Server: March 9, 2021\n(KB4493229)\n\n## Summary\n\nThis security update resolves a Microsoft Excel Remote Code Execution\nVulnerability. To learn more about the vulnerability, see the following\nsecurity advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-27053](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27053)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-27054](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27054)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-27057](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27057)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## Improvements and fixes\n\nThis update fixes a crash that occurs when you load Open Document Format (ODF)\nfiles that contain charts that include certain kinds of trendlines.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4493229)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 4493229 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=eed19d96-ba2c-49bb-8b65-6177493f5220)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: March 9, 2021 (KB5001208)](/en-us/topic/security-update-\ndeployment-information-\nmarch-9-2021-kb5001208-447f0e23-7611-4746-ba57-37dc2b8a2827).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4493192](https://support.microsoft.com/kb/4493192).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4493229-fullfile-x64-glb.exe|\nC35F2495DAF2E4559C32469128467F6A475650E7|\n36E246E084E3D43D0A07C90C103199A24784DA9B8E2E58970596367A83D2C761 \n \n### File information\n\nDownload [the list of files that are included in security update\n4493229](https://download.microsoft.com/download/f/d/a/fda2068c-8607-45e6-9f0d-a6ecc02d0724/4493229.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493229", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27053", "CVE-2021-27057", "CVE-2021-27054"], "immutableFields": [], "lastseen": "2021-08-01T10:12:48", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27057", "CVE-2021-27053", "CVE-2021-27054"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_MAR_EXCEL.NASL", "SMB_NT_MS21_MAR_OFFICE.NASL", "MACOS_MS21_MAR_OFFICE.NASL", "SMB_NT_MS21_MAR_OFFICE_WEB.NASL"]}, {"type": "mskb", "idList": ["KB4493203", "KB4504707", "KB4493214", "KB4493233", "KB4493200", "KB4493239", "KB4493234"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MSFT-CVE-2021-27053/"]}, {"type": "zdi", "idList": ["ZDI-21-334", "ZDI-21-507", "ZDI-21-332"]}, {"type": "mscve", "idList": ["MS:CVE-2021-27054", "MS:CVE-2021-27053", "MS:CVE-2021-27057"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-08-01T10:12:48", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2021-08-01T10:12:48", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4493229", "msrc": "", "mscve": "CVE-2021-27057", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484223", "KB4484141", "KB4493160", "KB4475511", "KB4011027", "KB4493192", "KB4486674", "KB4462169", "KB4484254", "KB4484451", "KB4475595", "KB4484503", "KB4484470", "KB4486750", "KB4461633", "KB4486713", "KB4484290", "KB4475528", "KB4484270"], "parentseeds": ["KB5001973", "KB5001914", "KB4504714", "KB5001943"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-01T10:12:48", "differentElements": ["description"], "edition": 4}, {"bulletin": {"id": "KB4493229", "hash": "4b9dfc76b68893b79fe90ab859250e31", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: March 9, 2021 (KB4493229)", "description": "None\n\n## Summary\n\nThis security update resolves a Microsoft Excel Remote Code Execution\nVulnerability. To learn more about the vulnerability, see the following\nsecurity advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-27053](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27053)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-27054](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27054)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-27057](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27057)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## Improvements and fixes\n\nThis update fixes a crash that occurs when you load Open Document Format (ODF)\nfiles that contain charts that include certain kinds of trendlines.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4493229)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 4493229 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=eed19d96-ba2c-49bb-8b65-6177493f5220)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: March 9, 2021 (KB5001208)](/en-us/topic/security-update-\ndeployment-information-\nmarch-9-2021-kb5001208-447f0e23-7611-4746-ba57-37dc2b8a2827).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4493192](https://support.microsoft.com/kb/4493192).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4493229-fullfile-x64-glb.exe|\nC35F2495DAF2E4559C32469128467F6A475650E7|\n36E246E084E3D43D0A07C90C103199A24784DA9B8E2E58970596367A83D2C761 \n \n### File information\n\nDownload [the list of files that are included in security update\n4493229](https://download.microsoft.com/download/f/d/a/fda2068c-8607-45e6-9f0d-a6ecc02d0724/4493229.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493229", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27053", "CVE-2021-27054", "CVE-2021-27057"], "immutableFields": [], "lastseen": "2021-08-12T23:37:26", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27053", "CVE-2021-27054", "CVE-2021-27057"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_MAR_OFFICE.NASL", "SMB_NT_MS21_MAR_EXCEL.NASL", "SMB_NT_MS21_MAR_OFFICE_WEB.NASL", "MACOS_MS21_MAR_OFFICE.NASL"]}, {"type": "mskb", "idList": ["KB4493233", "KB4493239", "KB4493203", "KB4504707", "KB4493214", "KB4493200", "KB4493234"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MSFT-CVE-2021-27053/"]}, {"type": "kaspersky", "idList": ["KLA12109"]}, {"type": "zdi", "idList": ["ZDI-21-507", "ZDI-21-334", "ZDI-21-332"]}, {"type": "mscve", "idList": ["MS:CVE-2021-27054", "MS:CVE-2021-27057", "MS:CVE-2021-27053"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-08-12T23:37:26", "rev": 2}, "score": {"value": 5.1, "vector": "NONE", "modified": "2021-08-12T23:37:26", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4493229", "msrc": "", "mscve": "CVE-2021-27057", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484223", "KB4484141", "KB4484470", "KB4475511", "KB4475595", "KB4011027", "KB4484270", "KB4486713", "KB4462169", "KB4493192", "KB4484254", "KB4486674", "KB4484451", "KB4484290", "KB4461633", "KB4493160", "KB4475528", "KB4484503", "KB4486750"], "parentseeds": ["KB4504714", "KB5001973", "KB5001943", "KB5001914"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-12T23:37:26", "differentElements": ["cvelist", "description", "title"], "edition": 5}, {"bulletin": {"id": "KB4493229", "hash": "da228f2081ae691ea590d155b3b95e65", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-03-09", "description": "", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493229", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27057"], "immutableFields": [], "lastseen": "2021-08-28T09:34:52", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27057"]}, {"type": "mscve", "idList": ["MS:CVE-2021-27057"]}, {"type": "mskb", "idList": ["KB4493200", "KB4493234", "KB4493233"]}, {"type": "zdi", "idList": ["ZDI-21-334"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_MAR_OFFICE.NASL", "SMB_NT_MS21_MAR_OFFICE_WEB.NASL", "SMB_NT_MS21_MAR_EXCEL.NASL", "MACOS_MS21_MAR_OFFICE.NASL"]}, {"type": "kaspersky", "idList": ["KLA12109"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-08-28T09:34:52", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-08-28T09:34:52", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4493229", "msrc": "", "mscve": "CVE-2021-27057", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484254", "KB4484470", "KB4475595", "KB4493192", "KB4484270", "KB4462169", "KB4493160", "KB4486750", "KB4475511", "KB4484451", "KB4475528", "KB4484223", "KB4461633", "KB4486713", "KB4484503", "KB4484141", "KB4484290", "KB4011027", "KB4486674"], "parentseeds": ["KB5001973", "KB5001943", "KB4504714", "KB5001914"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-28T09:34:52", "differentElements": ["cvelist", "description", "title"], "edition": 6}, {"bulletin": {"id": "KB4493229", "hash": "4b9dfc76b68893b79fe90ab859250e31", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: March 9, 2021 (KB4493229)", "description": "None\n\n## Summary\n\nThis security update resolves a Microsoft Excel Remote Code Execution\nVulnerability. To learn more about the vulnerability, see the following\nsecurity advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-27053](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27053)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-27054](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27054)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-27057](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27057)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## Improvements and fixes\n\nThis update fixes a crash that occurs when you load Open Document Format (ODF)\nfiles that contain charts that include certain kinds of trendlines.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4493229)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 4493229 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=eed19d96-ba2c-49bb-8b65-6177493f5220)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: March 9, 2021 (KB5001208)](/en-us/topic/security-update-\ndeployment-information-\nmarch-9-2021-kb5001208-447f0e23-7611-4746-ba57-37dc2b8a2827).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4493192](https://support.microsoft.com/kb/4493192).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4493229-fullfile-x64-glb.exe|\nC35F2495DAF2E4559C32469128467F6A475650E7|\n36E246E084E3D43D0A07C90C103199A24784DA9B8E2E58970596367A83D2C761 \n \n### File information\n\nDownload [the list of files that are included in security update\n4493229](https://download.microsoft.com/download/f/d/a/fda2068c-8607-45e6-9f0d-a6ecc02d0724/4493229.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493229", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27057", "CVE-2021-27054", "CVE-2021-27053"], "immutableFields": [], "lastseen": "2021-09-06T10:41:30", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27057", "CVE-2021-27053", "CVE-2021-27054"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_MAR_OFFICE.NASL", "MACOS_MS21_MAR_OFFICE.NASL", "SMB_NT_MS21_MAR_OFFICE_WEB.NASL", "SMB_NT_MS21_MAR_EXCEL.NASL"]}, {"type": "mskb", "idList": ["KB4493200", "KB4493203", "KB4493233", "KB4493214", "KB4493239", "KB4504707", "KB4493234"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MSFT-CVE-2021-27053/"]}, {"type": "zdi", "idList": ["ZDI-21-332", "ZDI-21-507", "ZDI-21-334"]}, {"type": "mscve", "idList": ["MS:CVE-2021-27057", "MS:CVE-2021-27054", "MS:CVE-2021-27053"]}, {"type": "kaspersky", "idList": ["KLA12109"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-06T10:41:30", "rev": 2}, "score": {"value": 5.1, "vector": "NONE", "modified": "2021-09-06T10:41:30", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4493229", "msrc": "", "mscve": "CVE-2021-27057", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4486750", "KB4484503", "KB4475511", "KB4475528", "KB4493192", "KB4011027", "KB4462169", "KB4484254", "KB4486713", "KB4493160", "KB4484270", "KB4484141", "KB4484470", "KB4486674", "KB4484223", "KB4461633", "KB4475595", "KB4484451", "KB4484290"], "parentseeds": ["KB5001914", "KB4504714", "KB5001943", "KB5001973"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-09-06T10:41:30", "differentElements": ["parentseeds"], "edition": 7}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27054", "CVE-2021-27057", "CVE-2021-27053"]}, {"type": "nessus", "idList": ["MACOS_MS21_MAR_OFFICE.NASL", "SMB_NT_MS21_MAR_OFFICE_WEB.NASL", "SMB_NT_MS21_MAR_OFFICE.NASL", "SMB_NT_MS21_MAR_EXCEL.NASL"]}, {"type": "mskb", "idList": ["KB4493233", "KB4493239", "KB4493214", "KB4493200", "KB4493203", "KB4504707", "KB4493234"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MSFT-CVE-2021-27053/"]}, {"type": "zdi", "idList": ["ZDI-21-332", "ZDI-21-334", "ZDI-21-507"]}, {"type": "mscve", "idList": ["MS:CVE-2021-27053", "MS:CVE-2021-27054", "MS:CVE-2021-27057"]}, {"type": "kaspersky", "idList": ["KLA12109"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-15T19:58:35", "rev": 2}, "score": {"value": 5.1, "vector": "NONE", "modified": "2021-09-15T19:58:35", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4493229", "msrc": "", "mscve": "CVE-2021-27057", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4486674", "KB4462169", "KB4484141", "KB4011027", "KB4486713", "KB4484290", "KB4475528", "KB4475595", "KB4484223", "KB4493160", "KB4486750", "KB4484503", "KB4484254", "KB4475511", "KB4484270", "KB4484470", "KB4484451", "KB4493192", "KB4461633"], "parentseeds": ["KB5001999", "KB5001914", "KB5001943", "KB5001973", "KB4504714"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": [], "_object_type": "robots.models.microsoftKB.MicrosoftKBBulletin", "_object_types": ["robots.models.microsoftKB.MicrosoftKBBulletin", "robots.models.base.Bulletin"]}, {"id": "KB4493192", "hash": "a1f58f961a920128577410c8b3332bd2", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: February 9, 2021 (KB4493192)", "description": "None\n\n## Summary\n\nThis security update resolves a Microsoft Excel Remote Code Execution\nVulnerability. To learn more about the vulnerability, see the following\nsecurity advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-24067](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24067)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-24069](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24069)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-24070](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24070)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## Improvements and fixes\n\nThis update contains a fix for the following nonsecurity issue:\n\n * An Excel document that has the Right-To-Left (RTL) setting enabled can't be scrolled horizontally when it's opened in Google Chrome browsers or Microsoft Edge based on Chromium by using Excel Online.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4493192)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 4493192 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=97b759cd-5e84-4b76-a80b-f8fe9b8d28c2)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: February 9, 2021](https://support.microsoft.com/help/20210209).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4493160](https://support.microsoft.com/kb/4493160).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4493192-fullfile-x64-glb.exe|\nA29670BC07952A17B884855E83F3E3F00AF50082|\n5A1C4C1A3B9A179C56D17E7CFC1D67627F8A8391E6412C7FBE50E78595FAD756 \n \n### File information\n\nDownload [the list of files that are included in security update\n4493192](https://download.microsoft.com/download/0/0/d/00de5d6e-f3fb-41ba-a230-341b436b18e2/4493192.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-02-09T08:00:00", "modified": "2021-02-09T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493192", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-24069", "CVE-2021-24070", "CVE-2021-24067"], "immutableFields": [], "lastseen": "2021-09-15T19:57:56", "history": [{"bulletin": {"id": "KB4493192", "hash": "9e94a3f22a00c902065f96c9c0021f01", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: February 9, 2021 (KB4493192)", "description": "# Description of the security update for Office Online Server: February 9,\n2021 (KB4493192)\n\n## Summary\n\nThis security update resolves a Microsoft Excel Remote Code Execution\nVulnerability. To learn more about the vulnerability, see the following\nsecurity advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-24067](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24067)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-24069](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24069)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-24070](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24070)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## Improvements and fixes\n\nThis update contains a fix for the following nonsecurity issue:\n\n * An Excel document that has the Right-To-Left (RTL) setting enabled can't be scrolled horizontally when it's opened in Google Chrome browsers or Microsoft Edge based on Chromium by using Excel Online.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4493192)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 4493192 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=97b759cd-5e84-4b76-a80b-f8fe9b8d28c2)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: February 9, 2021](https://support.microsoft.com/help/20210209).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4493160](https://support.microsoft.com/kb/4493160).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4493192-fullfile-x64-glb.exe|\nA29670BC07952A17B884855E83F3E3F00AF50082|\n5A1C4C1A3B9A179C56D17E7CFC1D67627F8A8391E6412C7FBE50E78595FAD756 \n \n### File information\n\nDownload [the list of files that are included in security update\n4493192](https://download.microsoft.com/download/0/0/d/00de5d6e-f3fb-41ba-a230-341b436b18e2/4493192.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-02-09T08:00:00", "modified": "2021-02-09T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4493192", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-24070", "CVE-2021-24067", "CVE-2021-24069"], "immutableFields": [], "lastseen": "2021-07-24T23:43:12", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-07-24T23:43:12", "references": [{"idList": ["SMB_NT_MS21_FEB_OFFICE_WEB.NASL", "MACOS_MS21_FEB_OFFICE.NASL", "SMB_NT_MS21_FEB_EXCEL.NASL"], "type": "nessus"}, {"idList": ["RAPID7BLOG:44EA89871AFF6881B909B9FD0E07034F"], "type": "rapid7blog"}, {"idList": ["KB4493196", "KB4493211", "KB4493204", "KB4493222"], "type": "mskb"}, {"idList": ["CVE-2021-24070", "CVE-2021-24067", "CVE-2021-24069"], "type": "cve"}, {"idList": ["MS:CVE-2021-24070", "MS:CVE-2021-24069", "MS:CVE-2021-24067"], "type": "mscve"}, {"idList": ["ZDI-21-180", "ZDI-21-181"], "type": "zdi"}], "rev": 2}, "score": {"modified": "2021-07-24T23:43:12", "rev": 2, "value": 5.6, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB4493192", "msrc": "", "mscve": "CVE-2021-24069", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4462169", "KB4461633", "KB4475511", "KB4484503", "KB4475595", "KB4493160", "KB4484451", "KB4011027", "KB4484223", "KB4484470", "KB4475528", "KB4484270", "KB4486750", "KB4486713", "KB4484141", "KB4486674", "KB4484290", "KB4484254"], "parentseeds": ["KB5001943", "KB5001973", "KB4504714", "KB4493229", "KB5001914"], "msproducts": ["11605", "10836"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-24T23:43:12", "differentElements": ["cvelist", "cvss2", "cvss3", "description", "title"], "edition": 1}, {"bulletin": {"id": "KB4493192", "hash": "1deac913e0f6e40b9db1c67e92b0453931dc961c786d39d19d879ed91f783adb", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-02-09", "description": "", "published": "2021-02-09T08:00:00", "modified": "2021-02-09T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493192", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-24069"], "immutableFields": [], "lastseen": "2021-07-27T10:13:24", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-07-27T10:13:24", "references": [{"idList": ["SMB_NT_MS21_FEB_OFFICE_WEB.NASL", "MACOS_MS21_FEB_OFFICE.NASL", "SMB_NT_MS21_FEB_EXCEL.NASL"], "type": "nessus"}, {"idList": ["RAPID7BLOG:44EA89871AFF6881B909B9FD0E07034F"], "type": "rapid7blog"}, {"idList": ["CVE-2021-24069"], "type": "cve"}, {"idList": ["KB4493196", "KB4493211", "KB4493204", "KB4493222"], "type": "mskb"}, {"idList": ["MS:CVE-2021-24069"], "type": "mscve"}], "rev": 2}, "score": {"modified": "2021-07-27T10:13:24", "rev": 2, "value": 5.6, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB4493192", "msrc": "", "mscve": "CVE-2021-24069", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4475595", "KB4484141", "KB4486750", "KB4493160", "KB4462169", "KB4486674", "KB4461633", "KB4475528", "KB4484290", "KB4011027", "KB4484470", "KB4484223", "KB4484254", "KB4486713", "KB4484451", "KB4484270", "KB4475511", "KB4484503"], "parentseeds": ["KB4493229", "KB4504714", "KB5001943", "KB5001914", "KB5001973"], "msproducts": ["11605", "10836"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-27T10:13:24", "differentElements": ["cvss2", "cvss3", "kb", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "parentseeds", "superseeds"], "edition": 2}, {"bulletin": {"id": "KB4493192", "hash": "24fc07d6cb188af8192463eb1e686afb3d0f92ea4c0d59dd84578ac2a513952e", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-02-09", "description": "", "published": "2021-02-09T08:00:00", "modified": "2021-02-09T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4493192", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-24069"], "immutableFields": [], "lastseen": "2021-07-27T10:13:24", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-07-27T10:13:24", "references": [{"idList": ["SMB_NT_MS21_FEB_OFFICE_WEB.NASL", "MACOS_MS21_FEB_OFFICE.NASL", "SMB_NT_MS21_FEB_EXCEL.NASL"], "type": "nessus"}, {"idList": ["RAPID7BLOG:44EA89871AFF6881B909B9FD0E07034F"], "type": "rapid7blog"}, {"idList": ["CVE-2021-24069"], "type": "cve"}, {"idList": ["KB4493196", "KB4493211", "KB4493204", "KB4493222"], "type": "mskb"}, {"idList": ["MS:CVE-2021-24069"], "type": "mscve"}], "rev": 2}, "score": {"modified": "2021-07-27T10:13:24", "rev": 2, "value": 5.6, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "", "msrc": "", "mscve": "", "msplatform": "", "msfamily": "", "msimpact": "", "msseverity": "", "superseeds": [], "parentseeds": [], "msproducts": [], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-27T10:13:24", "differentElements": ["cvelist", "cvss2", "cvss3", "description", "kb", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "parentseeds", "superseeds", "title"], "edition": 3}, {"bulletin": {"id": "KB4493192", "hash": "a85fd9de9958d9443ffad2e5d263a352", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: February 9, 2021 (KB4493192)", "description": "# Description of the security update for Office Online Server: February 9,\n2021 (KB4493192)\n\n## Summary\n\nThis security update resolves a Microsoft Excel Remote Code Execution\nVulnerability. To learn more about the vulnerability, see the following\nsecurity advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-24067](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24067)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-24069](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24069)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-24070](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24070)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## Improvements and fixes\n\nThis update contains a fix for the following nonsecurity issue:\n\n * An Excel document that has the Right-To-Left (RTL) setting enabled can't be scrolled horizontally when it's opened in Google Chrome browsers or Microsoft Edge based on Chromium by using Excel Online.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4493192)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 4493192 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=97b759cd-5e84-4b76-a80b-f8fe9b8d28c2)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: February 9, 2021](https://support.microsoft.com/help/20210209).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4493160](https://support.microsoft.com/kb/4493160).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4493192-fullfile-x64-glb.exe|\nA29670BC07952A17B884855E83F3E3F00AF50082|\n5A1C4C1A3B9A179C56D17E7CFC1D67627F8A8391E6412C7FBE50E78595FAD756 \n \n### File information\n\nDownload [the list of files that are included in security update\n4493192](https://download.microsoft.com/download/0/0/d/00de5d6e-f3fb-41ba-a230-341b436b18e2/4493192.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-02-09T08:00:00", "modified": "2021-02-09T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493192", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-24067", "CVE-2021-24070", "CVE-2021-24069"], "immutableFields": [], "lastseen": "2021-08-01T10:12:11", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-24069", "CVE-2021-24067", "CVE-2021-24070"]}, {"type": "mskb", "idList": ["KB4493222", "KB4493211", "KB4493196", "KB4493204"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_FEB_EXCEL.NASL", "SMB_NT_MS21_FEB_OFFICE_WEB.NASL", "MACOS_MS21_FEB_OFFICE.NASL"]}, {"type": "zdi", "idList": ["ZDI-21-181", "ZDI-21-180"]}, {"type": "mscve", "idList": ["MS:CVE-2021-24069", "MS:CVE-2021-24070", "MS:CVE-2021-24067"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:44EA89871AFF6881B909B9FD0E07034F"]}], "modified": "2021-08-01T10:12:11", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-08-01T10:12:11", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4493192", "msrc": "", "mscve": "CVE-2021-24069", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484254", "KB4011027", "KB4484451", "KB4484223", "KB4486750", "KB4461633", "KB4486713", "KB4475595", "KB4484141", "KB4484290", "KB4486674", "KB4462169", "KB4475528", "KB4484503", "KB4484270", "KB4484470", "KB4493160", "KB4475511"], "parentseeds": ["KB4493229", "KB5001914", "KB4504714", "KB5001943", "KB5001973"], "msproducts": ["10836", "11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-01T10:12:11", "differentElements": ["description"], "edition": 4}, {"bulletin": {"id": "KB4493192", "hash": "1009ffb1e93eaacc58327af0df417b8c", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: February 9, 2021 (KB4493192)", "description": "None\n\n## Summary\n\nThis security update resolves a Microsoft Excel Remote Code Execution\nVulnerability. To learn more about the vulnerability, see the following\nsecurity advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-24067](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24067)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-24069](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24069)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-24070](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24070)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## Improvements and fixes\n\nThis update contains a fix for the following nonsecurity issue:\n\n * An Excel document that has the Right-To-Left (RTL) setting enabled can't be scrolled horizontally when it's opened in Google Chrome browsers or Microsoft Edge based on Chromium by using Excel Online.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4493192)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 4493192 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=97b759cd-5e84-4b76-a80b-f8fe9b8d28c2)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: February 9, 2021](https://support.microsoft.com/help/20210209).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4493160](https://support.microsoft.com/kb/4493160).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4493192-fullfile-x64-glb.exe|\nA29670BC07952A17B884855E83F3E3F00AF50082|\n5A1C4C1A3B9A179C56D17E7CFC1D67627F8A8391E6412C7FBE50E78595FAD756 \n \n### File information\n\nDownload [the list of files that are included in security update\n4493192](https://download.microsoft.com/download/0/0/d/00de5d6e-f3fb-41ba-a230-341b436b18e2/4493192.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-02-09T08:00:00", "modified": "2021-02-09T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493192", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-24070", "CVE-2021-24067", "CVE-2021-24069"], "immutableFields": [], "lastseen": "2021-08-12T23:36:35", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-24070", "CVE-2021-24067", "CVE-2021-24069"]}, {"type": "mskb", "idList": ["KB4493196", "KB4493211", "KB4493222", "KB4493204"]}, {"type": "nessus", "idList": ["MACOS_MS21_FEB_OFFICE.NASL", "SMB_NT_MS21_FEB_EXCEL.NASL", "SMB_NT_MS21_FEB_OFFICE_WEB.NASL"]}, {"type": "kaspersky", "idList": ["KLA12069"]}, {"type": "mscve", "idList": ["MS:CVE-2021-24069", "MS:CVE-2021-24070", "MS:CVE-2021-24067"]}, {"type": "zdi", "idList": ["ZDI-21-180", "ZDI-21-181"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:44EA89871AFF6881B909B9FD0E07034F"]}], "modified": "2021-08-12T23:36:35", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-08-12T23:36:35", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4493192", "msrc": "", "mscve": "CVE-2021-24069", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4011027", "KB4484290", "KB4484223", "KB4484451", "KB4484141", "KB4484503", "KB4475595", "KB4484270", "KB4475511", "KB4484470", "KB4486713", "KB4462169", "KB4484254", "KB4461633", "KB4493160", "KB4486750", "KB4486674", "KB4475528"], "parentseeds": ["KB5001914", "KB4504714", "KB4493229", "KB5001973", "KB5001943"], "msproducts": ["11605", "10836"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-12T23:36:35", "differentElements": ["cvelist", "description", "title"], "edition": 5}, {"bulletin": {"id": "KB4493192", "hash": "0d061cd896ca712dbbcb7b3eef3649ca", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-02-09", "description": "", "published": "2021-02-09T08:00:00", "modified": "2021-02-09T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493192", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-24069"], "immutableFields": [], "lastseen": "2021-08-28T09:34:37", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-24069"]}, {"type": "mscve", "idList": ["MS:CVE-2021-24069"]}, {"type": "mskb", "idList": ["KB4493196", "KB4493211", "KB4493204", "KB4493222"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_FEB_EXCEL.NASL", "SMB_NT_MS21_FEB_OFFICE_WEB.NASL", "MACOS_MS21_FEB_OFFICE.NASL"]}, {"type": "kaspersky", "idList": ["KLA12069"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:44EA89871AFF6881B909B9FD0E07034F"]}], "modified": "2021-08-28T09:34:37", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-08-28T09:34:37", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4493192", "msrc": "", "mscve": "CVE-2021-24069", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484254", "KB4461633", "KB4486713", "KB4493160", "KB4484503", "KB4475528", "KB4486750", "KB4484141", "KB4475595", "KB4484470", "KB4484290", "KB4475511", "KB4484270", "KB4011027", "KB4462169", "KB4484223", "KB4486674", "KB4484451"], "parentseeds": ["KB4493229", "KB5001973", "KB4504714", "KB5001943", "KB5001914"], "msproducts": ["10836", "11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-28T09:34:37", "differentElements": ["cvelist", "description", "title"], "edition": 6}, {"bulletin": {"id": "KB4493192", "hash": "1009ffb1e93eaacc58327af0df417b8c", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: February 9, 2021 (KB4493192)", "description": "None\n\n## Summary\n\nThis security update resolves a Microsoft Excel Remote Code Execution\nVulnerability. To learn more about the vulnerability, see the following\nsecurity advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-24067](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24067)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-24069](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24069)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-24070](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24070)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## Improvements and fixes\n\nThis update contains a fix for the following nonsecurity issue:\n\n * An Excel document that has the Right-To-Left (RTL) setting enabled can't be scrolled horizontally when it's opened in Google Chrome browsers or Microsoft Edge based on Chromium by using Excel Online.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4493192)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 4493192 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=97b759cd-5e84-4b76-a80b-f8fe9b8d28c2)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: February 9, 2021](https://support.microsoft.com/help/20210209).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4493160](https://support.microsoft.com/kb/4493160).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4493192-fullfile-x64-glb.exe|\nA29670BC07952A17B884855E83F3E3F00AF50082|\n5A1C4C1A3B9A179C56D17E7CFC1D67627F8A8391E6412C7FBE50E78595FAD756 \n \n### File information\n\nDownload [the list of files that are included in security update\n4493192](https://download.microsoft.com/download/0/0/d/00de5d6e-f3fb-41ba-a230-341b436b18e2/4493192.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-02-09T08:00:00", "modified": "2021-02-09T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493192", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-24067", "CVE-2021-24070", "CVE-2021-24069"], "immutableFields": [], "lastseen": "2021-08-30T16:48:57", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-24067", "CVE-2021-24070", "CVE-2021-24069"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_FEB_OFFICE_WEB.NASL", "SMB_NT_MS21_FEB_EXCEL.NASL", "MACOS_MS21_FEB_OFFICE.NASL"]}, {"type": "mskb", "idList": ["KB4493222", "KB4493196", "KB4493211", "KB4493204"]}, {"type": "kaspersky", "idList": ["KLA12069"]}, {"type": "zdi", "idList": ["ZDI-21-180", "ZDI-21-181"]}, {"type": "mscve", "idList": ["MS:CVE-2021-24067", "MS:CVE-2021-24069", "MS:CVE-2021-24070"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:44EA89871AFF6881B909B9FD0E07034F"]}], "modified": "2021-08-30T16:48:57", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-08-30T16:48:57", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4493192", "msrc": "", "mscve": "CVE-2021-24069", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484254", "KB4475511", "KB4486713", "KB4484503", "KB4486674", "KB4484141", "KB4493160", "KB4484270", "KB4475528", "KB4475595", "KB4486750", "KB4011027", "KB4484451", "KB4461633", "KB4484223", "KB4462169", "KB4484470", "KB4484290"], "parentseeds": ["KB4493229", "KB4504714", "KB5001943", "KB5001973", "KB5001914"], "msproducts": ["11605", "10836"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-30T16:48:57", "differentElements": ["cvelist", "description", "title"], "edition": 7}, {"bulletin": {"id": "KB4493192", "hash": "0d061cd896ca712dbbcb7b3eef3649ca", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-02-09", "description": "", "published": "2021-02-09T08:00:00", "modified": "2021-02-09T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493192", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-24069"], "immutableFields": [], "lastseen": "2021-08-31T09:59:40", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-24069"]}, {"type": "mscve", "idList": ["MS:CVE-2021-24069"]}, {"type": "mskb", "idList": ["KB4493196", "KB4493211", "KB4493204", "KB4493222"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_FEB_EXCEL.NASL", "MACOS_MS21_FEB_OFFICE.NASL", "SMB_NT_MS21_FEB_OFFICE_WEB.NASL"]}, {"type": "kaspersky", "idList": ["KLA12069"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:44EA89871AFF6881B909B9FD0E07034F"]}], "modified": "2021-08-31T09:59:40", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-08-31T09:59:40", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4493192", "msrc": "", "mscve": "CVE-2021-24069", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4011027", "KB4484270", "KB4461633", "KB4484290", "KB4475528", "KB4484141", "KB4475595", "KB4462169", "KB4486674", "KB4484223", "KB4486750", "KB4484470", "KB4484503", "KB4493160", "KB4484254", "KB4484451", "KB4486713", "KB4475511"], "parentseeds": ["KB4504714", "KB4493229", "KB5001914", "KB5001943", "KB5001973"], "msproducts": ["10836", "11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-31T09:59:40", "differentElements": ["cvelist", "description", "title"], "edition": 8}, {"bulletin": {"id": "KB4493192", "hash": "1009ffb1e93eaacc58327af0df417b8c", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: February 9, 2021 (KB4493192)", "description": "None\n\n## Summary\n\nThis security update resolves a Microsoft Excel Remote Code Execution\nVulnerability. To learn more about the vulnerability, see the following\nsecurity advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-24067](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24067)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-24069](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24069)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-24070](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24070)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## Improvements and fixes\n\nThis update contains a fix for the following nonsecurity issue:\n\n * An Excel document that has the Right-To-Left (RTL) setting enabled can't be scrolled horizontally when it's opened in Google Chrome browsers or Microsoft Edge based on Chromium by using Excel Online.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4493192)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 4493192 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=97b759cd-5e84-4b76-a80b-f8fe9b8d28c2)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: February 9, 2021](https://support.microsoft.com/help/20210209).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4493160](https://support.microsoft.com/kb/4493160).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4493192-fullfile-x64-glb.exe|\nA29670BC07952A17B884855E83F3E3F00AF50082|\n5A1C4C1A3B9A179C56D17E7CFC1D67627F8A8391E6412C7FBE50E78595FAD756 \n \n### File information\n\nDownload [the list of files that are included in security update\n4493192](https://download.microsoft.com/download/0/0/d/00de5d6e-f3fb-41ba-a230-341b436b18e2/4493192.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-02-09T08:00:00", "modified": "2021-02-09T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493192", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-24070", "CVE-2021-24067", "CVE-2021-24069"], "immutableFields": [], "lastseen": "2021-09-06T10:41:17", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-24069", "CVE-2021-24070", "CVE-2021-24067"]}, {"type": "nessus", "idList": ["MACOS_MS21_FEB_OFFICE.NASL", "SMB_NT_MS21_FEB_EXCEL.NASL", "SMB_NT_MS21_FEB_OFFICE_WEB.NASL"]}, {"type": "mskb", "idList": ["KB4493211", "KB4493204", "KB4493222", "KB4493196"]}, {"type": "mscve", "idList": ["MS:CVE-2021-24067", "MS:CVE-2021-24069", "MS:CVE-2021-24070"]}, {"type": "zdi", "idList": ["ZDI-21-181", "ZDI-21-180"]}, {"type": "kaspersky", "idList": ["KLA12069"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:44EA89871AFF6881B909B9FD0E07034F"]}], "modified": "2021-09-06T10:41:17", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-09-06T10:41:17", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4493192", "msrc": "", "mscve": "CVE-2021-24069", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4486674", "KB4486750", "KB4486713", "KB4493160", "KB4011027", "KB4484503", "KB4461633", "KB4462169", "KB4484254", "KB4475595", "KB4484451", "KB4484290", "KB4484223", "KB4484141", "KB4484270", "KB4475528", "KB4475511", "KB4484470"], "parentseeds": ["KB5001943", "KB5001973", "KB5001914", "KB4504714", "KB4493229"], "msproducts": ["11605", "10836"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-09-06T10:41:17", "differentElements": ["parentseeds"], "edition": 9}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-24070", "CVE-2021-24067", "CVE-2021-24069"]}, {"type": "mskb", "idList": ["KB4493211", "KB4493204", "KB4493222", "KB4493196"]}, {"type": "nessus", "idList": ["MACOS_MS21_FEB_OFFICE.NASL", "SMB_NT_MS21_FEB_EXCEL.NASL", "SMB_NT_MS21_FEB_OFFICE_WEB.NASL"]}, {"type": "zdi", "idList": ["ZDI-21-181", "ZDI-21-180"]}, {"type": "mscve", "idList": ["MS:CVE-2021-24067", "MS:CVE-2021-24069", "MS:CVE-2021-24070"]}, {"type": "kaspersky", "idList": ["KLA12069"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:44EA89871AFF6881B909B9FD0E07034F"]}], "modified": "2021-09-15T19:57:56", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-09-15T19:57:56", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4493192", "msrc": "", "mscve": "CVE-2021-24069", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4486674", "KB4484270", "KB4484254", "KB4462169", "KB4484290", "KB4484503", "KB4484470", "KB4484451", "KB4486750", "KB4475528", "KB4484141", "KB4461633", "KB4011027", "KB4475595", "KB4484223", "KB4493160", "KB4475511", "KB4486713"], "parentseeds": ["KB4493229", "KB5001999", "KB5001914", "KB5001943", "KB5001973", "KB4504714"], "msproducts": ["11605", "10836"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": [], "_object_type": "robots.models.microsoftKB.MicrosoftKBBulletin", "_object_types": ["robots.models.microsoftKB.MicrosoftKBBulletin", "robots.models.base.Bulletin"]}, {"id": "KB4493160", "hash": "9fe25779eb3a184910f9e8023ba31ce3", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: January 12, 2021", "description": "None\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see the following security\nadvisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1713](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1713)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1714](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1714)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1715](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1715)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1716](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1716)\n\n **Note** To apply this security update, you must have the release version of\nOffice Online Server installed on the computer.\n\n## Improvements and fixes\n\nChrome browser version 72 and later versions block popup dialog boxes that\naren't initiated by a user click. This prevents the Insert Picture feature\nfrom displaying its popup dialog box. This update fixes the issue. After you\napply this update, the **Insert Picture** command opens a dialog box in which\nyou can select **Choose File** to browse for a file in a second dialog box.\nAfter you select the desired file, you are returned to the **Insert Picture**\ndialog box, where you can now select **Insert**.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4493160)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4493160 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=cf17dfe3-8e12-4e61-b2c4-02e09c242de3)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: January 12, 2021](https://support.microsoft.com/en-\nus/help/20210112).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4486750](http://support.microsoft.com/kb/4486750).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4493160-fullfile-x64-glb.exe|\nE3E42A921483B3BEC350D540C5DE21060071DE06|\n42336E623C1CC3C8029395B1ACBBBD3A53457F44596D749EA3566D1C0D089120 \n \nFile informationDownload [the list of files that are included in security\nupdate\n4493160](https://download.microsoft.com/download/1/d/8/1d8eca3e-71a2-4e62-ba3b-bfdebc2a1ff3/4493160.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-01-12T08:00:00", "modified": "2021-01-12T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493160", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-1713", "CVE-2021-1714", "CVE-2021-1715", "CVE-2021-1716"], "immutableFields": [], "lastseen": "2021-09-15T19:57:35", "history": [{"bulletin": {"id": "KB4493160", "hash": "84c4250ad6192cd94a0c4eba709beb61", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: January 12, 2021", "description": "# Description of the security update for Office Online Server: January 12,\n2021\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see the following security\nadvisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1713](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1713)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1714](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1714)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1715](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1715)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1716](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1716)\n\n **Note** To apply this security update, you must have the release version of\nOffice Online Server installed on the computer.\n\n## Improvements and fixes\n\nChrome browser version 72 and later versions block popup dialog boxes that\naren't initiated by a user click. This prevents the Insert Picture feature\nfrom displaying its popup dialog box. This update fixes the issue. After you\napply this update, the **Insert Picture** command opens a dialog box in which\nyou can select **Choose File** to browse for a file in a second dialog box.\nAfter you select the desired file, you are returned to the **Insert Picture**\ndialog box, where you can now select **Insert**.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4493160)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4493160 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=cf17dfe3-8e12-4e61-b2c4-02e09c242de3)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: January 12, 2021](https://support.microsoft.com/en-\nus/help/20210112).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4486750](http://support.microsoft.com/kb/4486750).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4493160-fullfile-x64-glb.exe|\nE3E42A921483B3BEC350D540C5DE21060071DE06|\n42336E623C1CC3C8029395B1ACBBBD3A53457F44596D749EA3566D1C0D089120 \n \nFile informationDownload [the list of files that are included in security\nupdate\n4493160](https://download.microsoft.com/download/1/d/8/1d8eca3e-71a2-4e62-ba3b-bfdebc2a1ff3/4493160.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-01-12T08:00:00", "modified": "2021-01-12T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4493160", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-1715", "CVE-2021-1713", "CVE-2021-1716", "CVE-2021-1714"], "immutableFields": [], "lastseen": "2021-07-24T23:42:45", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-07-24T23:42:45", "references": [{"idList": ["CVE-2021-1715", "CVE-2021-1713", "CVE-2021-1716", "CVE-2021-1714"], "type": "cve"}, {"idList": ["KB4493183", "KB4493178", "KB4493161", "KB4493145", "KB4486764", "KB4493167", "KB4493165", "KB4493142", "KB4486683", "KB4493156"], "type": "mskb"}, {"idList": ["MS:CVE-2021-1714", "MS:CVE-2021-1713", "MS:CVE-2021-1716", "MS:CVE-2021-1715"], "type": "mscve"}, {"idList": ["ZDI-21-026", "ZDI-21-023"], "type": "zdi"}, {"idList": ["MACOS_MS21_JAN_OFFICE.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2010.NASL", "SMB_NT_MS21_JAN_OFFICE.NASL", "SMB_NT_MS21_FEB_OFFICE_SHAREPOINT_2019.NASL", "SMB_NT_MS21_JAN_WORD.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS21_JAN_OFFICE_WEB.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2016.NASL", "SMB_NT_MS21_JAN_EXCEL.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2019.NASL"], "type": "nessus"}, {"idList": ["RAPID7BLOG:A8AF62CC15B38126207722D29F080EE3"], "type": "rapid7blog"}], "rev": 2}, "score": {"modified": "2021-07-24T23:42:45", "rev": 2, "value": 5.7, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB4493160", "msrc": "", "mscve": "CVE-2021-1716", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4462169", "KB4461633", "KB4475511", "KB4484503", "KB4475595", "KB4484451", "KB4011027", "KB4484223", "KB4484470", "KB4475528", "KB4484270", "KB4486750", "KB4486713", "KB4484141", "KB4486674", "KB4484290", "KB4484254"], "parentseeds": ["KB5001943", "KB5001973", "KB4504714", "KB4493229", "KB5001914", "KB4493192"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-24T23:42:45", "differentElements": ["cvelist", "cvss2", "cvss3", "description", "title"], "edition": 1}, {"bulletin": {"id": "KB4493160", "hash": "e3479b9947636addda2a06a441a02c9de4819a4c558bfee493bc351805f6da4d", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-01-12", "description": "", "published": "2021-01-12T08:00:00", "modified": "2021-01-12T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493160", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-1716"], "immutableFields": [], "lastseen": "2021-07-27T10:13:20", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-1716"]}, {"type": "mskb", "idList": ["KB4493156", "KB4486683", "KB4493171", "KB4493167", "KB4493183", "KB4493145", "KB4486764", "KB4493178", "KB4493161", "KB4493142"]}, {"type": "mscve", "idList": ["MS:CVE-2021-1716"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_JAN_OFFICE_WEB.NASL", "SMB_NT_MS21_JAN_OFFICE.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2019.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2016.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2010.NASL", "MACOS_MS21_JAN_OFFICE.NASL", "SMB_NT_MS21_JAN_WORD.NASL", "SMB_NT_MS21_FEB_OFFICE_SHAREPOINT_2019.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:A8AF62CC15B38126207722D29F080EE3"]}], "modified": "2021-07-27T10:13:20", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-07-27T10:13:20", "rev": 2}}, "objectVersion": "1.5", "kb": "KB4493160", "msrc": "", "mscve": "CVE-2021-1716", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4475595", "KB4484141", "KB4486750", "KB4484290", "KB4462169", "KB4486674", "KB4461633", "KB4475528", "KB4011027", "KB4484470", "KB4484223", "KB4484254", "KB4486713", "KB4484451", "KB4484270", "KB4475511", "KB4484503"], "parentseeds": ["KB4493229", "KB4504714", "KB5001943", "KB4493192", "KB5001914", "KB5001973"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-27T10:13:20", "differentElements": ["cvss2", "cvss3", "kb", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "parentseeds", "superseeds"], "edition": 2}, {"bulletin": {"id": "KB4493160", "hash": "850a794f4f4d75c05a928b98c0a7293d131170ed9de72123501543106eca226f", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-01-12", "description": "", "published": "2021-01-12T08:00:00", "modified": "2021-01-12T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4493160", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-1716"], "immutableFields": [], "lastseen": "2021-07-27T10:13:20", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-07-27T10:13:20", "references": [{"idList": ["CVE-2021-1716"], "type": "cve"}, {"idList": ["MACOS_MS21_JAN_OFFICE.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2010.NASL", "SMB_NT_MS21_JAN_OFFICE.NASL", "SMB_NT_MS21_FEB_OFFICE_SHAREPOINT_2019.NASL", "SMB_NT_MS21_JAN_WORD.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS21_JAN_OFFICE_WEB.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2016.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2019.NASL"], "type": "nessus"}, {"idList": ["KB4493183", "KB4493178", "KB4493161", "KB4493145", "KB4486764", "KB4493167", "KB4493142", "KB4486683", "KB4493171", "KB4493156"], "type": "mskb"}, {"idList": ["MS:CVE-2021-1716"], "type": "mscve"}, {"idList": ["RAPID7BLOG:A8AF62CC15B38126207722D29F080EE3"], "type": "rapid7blog"}], "rev": 2}, "score": {"modified": "2021-07-27T10:13:20", "rev": 2, "value": 5.6, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "", "msrc": "", "mscve": "", "msplatform": "", "msfamily": "", "msimpact": "", "msseverity": "", "superseeds": [], "parentseeds": [], "msproducts": [], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-27T10:13:20", "differentElements": ["cvelist", "cvss2", "cvss3", "description", "kb", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "parentseeds", "superseeds", "title"], "edition": 3}, {"bulletin": {"id": "KB4493160", "hash": "c87da2298414fd01d39f677db14e2e64", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: January 12, 2021", "description": "# Description of the security update for Office Online Server: January 12,\n2021\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see the following security\nadvisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1713](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1713)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1714](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1714)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1715](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1715)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1716](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1716)\n\n **Note** To apply this security update, you must have the release version of\nOffice Online Server installed on the computer.\n\n## Improvements and fixes\n\nChrome browser version 72 and later versions block popup dialog boxes that\naren't initiated by a user click. This prevents the Insert Picture feature\nfrom displaying its popup dialog box. This update fixes the issue. After you\napply this update, the **Insert Picture** command opens a dialog box in which\nyou can select **Choose File** to browse for a file in a second dialog box.\nAfter you select the desired file, you are returned to the **Insert Picture**\ndialog box, where you can now select **Insert**.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4493160)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4493160 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=cf17dfe3-8e12-4e61-b2c4-02e09c242de3)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: January 12, 2021](https://support.microsoft.com/en-\nus/help/20210112).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4486750](http://support.microsoft.com/kb/4486750).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4493160-fullfile-x64-glb.exe|\nE3E42A921483B3BEC350D540C5DE21060071DE06|\n42336E623C1CC3C8029395B1ACBBBD3A53457F44596D749EA3566D1C0D089120 \n \nFile informationDownload [the list of files that are included in security\nupdate\n4493160](https://download.microsoft.com/download/1/d/8/1d8eca3e-71a2-4e62-ba3b-bfdebc2a1ff3/4493160.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-01-12T08:00:00", "modified": "2021-01-12T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493160", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-1713", "CVE-2021-1715", "CVE-2021-1714", "CVE-2021-1716"], "immutableFields": [], "lastseen": "2021-08-01T10:11:40", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SMB_NT_MS21_JAN_OFFICE.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS21_JAN_OFFICE_WEB.NASL", "SMB_NT_MS21_JAN_WORD.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2019.NASL", "MACOS_MS21_JAN_OFFICE.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2010.NASL", "SMB_NT_MS21_JAN_EXCEL.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2016.NASL"]}, {"type": "cve", "idList": ["CVE-2021-1713", "CVE-2021-1715", "CVE-2021-1716", "CVE-2021-1714"]}, {"type": "mskb", "idList": ["KB4493161", "KB4486683", "KB4493145", "KB4493156", "KB4486764", "KB4493178", "KB4493142", "KB4493176", "KB4493167", "KB4493183"]}, {"type": "zdi", "idList": ["ZDI-21-023", "ZDI-21-026"]}, {"type": "mscve", "idList": ["MS:CVE-2021-1713", "MS:CVE-2021-1715", "MS:CVE-2021-1714", "MS:CVE-2021-1716"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:A8AF62CC15B38126207722D29F080EE3"]}], "modified": "2021-08-01T10:11:40", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-08-01T10:11:40", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4493160", "msrc": "", "mscve": "CVE-2021-1716", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484254", "KB4011027", "KB4484451", "KB4484223", "KB4486750", "KB4461633", "KB4486713", "KB4475595", "KB4484141", "KB4484290", "KB4486674", "KB4462169", "KB4475528", "KB4484503", "KB4484270", "KB4484470", "KB4475511"], "parentseeds": ["KB4493229", "KB5001914", "KB4504714", "KB4493192", "KB5001943", "KB5001973"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-01T10:11:40", "differentElements": ["description"], "edition": 4}, {"bulletin": {"id": "KB4493160", "hash": "a40b67662605ee436c6f61c802cb28a1", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: January 12, 2021", "description": "None\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see the following security\nadvisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1713](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1713)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1714](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1714)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1715](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1715)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1716](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1716)\n\n **Note** To apply this security update, you must have the release version of\nOffice Online Server installed on the computer.\n\n## Improvements and fixes\n\nChrome browser version 72 and later versions block popup dialog boxes that\naren't initiated by a user click. This prevents the Insert Picture feature\nfrom displaying its popup dialog box. This update fixes the issue. After you\napply this update, the **Insert Picture** command opens a dialog box in which\nyou can select **Choose File** to browse for a file in a second dialog box.\nAfter you select the desired file, you are returned to the **Insert Picture**\ndialog box, where you can now select **Insert**.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4493160)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4493160 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=cf17dfe3-8e12-4e61-b2c4-02e09c242de3)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: January 12, 2021](https://support.microsoft.com/en-\nus/help/20210112).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4486750](http://support.microsoft.com/kb/4486750).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4493160-fullfile-x64-glb.exe|\nE3E42A921483B3BEC350D540C5DE21060071DE06|\n42336E623C1CC3C8029395B1ACBBBD3A53457F44596D749EA3566D1C0D089120 \n \nFile informationDownload [the list of files that are included in security\nupdate\n4493160](https://download.microsoft.com/download/1/d/8/1d8eca3e-71a2-4e62-ba3b-bfdebc2a1ff3/4493160.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-01-12T08:00:00", "modified": "2021-01-12T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493160", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-1714", "CVE-2021-1713", "CVE-2021-1716", "CVE-2021-1715"], "immutableFields": [], "lastseen": "2021-08-12T23:36:10", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2016.NASL", "SMB_NT_MS21_JAN_OFFICE.NASL", "SMB_NT_MS21_JAN_EXCEL.NASL", "MACOS_MS21_JAN_OFFICE.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2010.NASL", "SMB_NT_MS21_JAN_OFFICE_WEB.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2019.NASL", "SMB_NT_MS21_JAN_WORD.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2013.NASL"]}, {"type": "cve", "idList": ["CVE-2021-1715", "CVE-2021-1713", "CVE-2021-1714", "CVE-2021-1716"]}, {"type": "mskb", "idList": ["KB4493178", "KB4493161", "KB4486764", "KB4493145", "KB4493156", "KB4486683", "KB4493183", "KB4493142", "KB4493171", "KB4493167"]}, {"type": "kaspersky", "idList": ["KLA12042"]}, {"type": "zdi", "idList": ["ZDI-21-026", "ZDI-21-023"]}, {"type": "mscve", "idList": ["MS:CVE-2021-1714", "MS:CVE-2021-1716", "MS:CVE-2021-1715", "MS:CVE-2021-1713"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:A8AF62CC15B38126207722D29F080EE3"]}], "modified": "2021-08-12T23:36:10", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-08-12T23:36:10", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4493160", "msrc": "", "mscve": "CVE-2021-1716", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4011027", "KB4484223", "KB4484451", "KB4484141", "KB4484503", "KB4475595", "KB4484270", "KB4475511", "KB4484470", "KB4486713", "KB4462169", "KB4484254", "KB4461633", "KB4484290", "KB4486750", "KB4486674", "KB4475528"], "parentseeds": ["KB5001914", "KB4504714", "KB4493229", "KB4493192", "KB5001973", "KB5001943"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-12T23:36:10", "differentElements": ["cvelist", "description", "title"], "edition": 5}, {"bulletin": {"id": "KB4493160", "hash": "8735f7f38b8332f889adb6e3d3920585", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2021-01-12", "description": "", "published": "2021-01-12T08:00:00", "modified": "2021-01-12T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493160", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-1716"], "immutableFields": [], "lastseen": "2021-08-29T10:37:54", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-1716"]}, {"type": "mscve", "idList": ["MS:CVE-2021-1716"]}, {"type": "mskb", "idList": ["KB4486764", "KB4493167", "KB4493178", "KB4486683", "KB4493142", "KB4493171", "KB4493183", "KB4493145", "KB4493161", "KB4493156"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_JAN_OFFICE.NASL", "SMB_NT_MS21_JAN_WORD.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2016.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2010.NASL", "MACOS_MS21_JAN_OFFICE.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2019.NASL", "SMB_NT_MS21_JAN_OFFICE_WEB.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2013.NASL"]}, {"type": "kaspersky", "idList": ["KLA12042"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:A8AF62CC15B38126207722D29F080EE3"]}], "modified": "2021-08-29T10:37:54", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-08-29T10:37:54", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4493160", "msrc": "", "mscve": "CVE-2021-1716", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484270", "KB4462169", "KB4486750", "KB4484141", "KB4011027", "KB4475511", "KB4484254", "KB4486674", "KB4484451", "KB4475528", "KB4475595", "KB4484503", "KB4484290", "KB4484223", "KB4486713", "KB4461633", "KB4484470"], "parentseeds": ["KB5001943", "KB4493192", "KB5001914", "KB4493229", "KB5001973", "KB4504714"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-29T10:37:54", "differentElements": ["cvelist", "description", "title"], "edition": 6}, {"bulletin": {"id": "KB4493160", "hash": "a40b67662605ee436c6f61c802cb28a1", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: January 12, 2021", "description": "None\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see the following security\nadvisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1713](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1713)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1714](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1714)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1715](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1715)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-1716](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1716)\n\n **Note** To apply this security update, you must have the release version of\nOffice Online Server installed on the computer.\n\n## Improvements and fixes\n\nChrome browser version 72 and later versions block popup dialog boxes that\naren't initiated by a user click. This prevents the Insert Picture feature\nfrom displaying its popup dialog box. This update fixes the issue. After you\napply this update, the **Insert Picture** command opens a dialog box in which\nyou can select **Choose File** to browse for a file in a second dialog box.\nAfter you select the desired file, you are returned to the **Insert Picture**\ndialog box, where you can now select **Insert**.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4493160)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4493160 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=cf17dfe3-8e12-4e61-b2c4-02e09c242de3)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: January 12, 2021](https://support.microsoft.com/en-\nus/help/20210112).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4486750](http://support.microsoft.com/kb/4486750).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4493160-fullfile-x64-glb.exe|\nE3E42A921483B3BEC350D540C5DE21060071DE06|\n42336E623C1CC3C8029395B1ACBBBD3A53457F44596D749EA3566D1C0D089120 \n \nFile informationDownload [the list of files that are included in security\nupdate\n4493160](https://download.microsoft.com/download/1/d/8/1d8eca3e-71a2-4e62-ba3b-bfdebc2a1ff3/4493160.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2021-01-12T08:00:00", "modified": "2021-01-12T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4493160", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-1713", "CVE-2021-1716", "CVE-2021-1714", "CVE-2021-1715"], "immutableFields": [], "lastseen": "2021-09-06T10:41:02", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MACOS_MS21_JAN_OFFICE.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2016.NASL", "SMB_NT_MS21_JAN_OFFICE_WEB.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2019.NASL", "SMB_NT_MS21_JAN_EXCEL.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2010.NASL", "SMB_NT_MS21_JAN_OFFICE.NASL", "SMB_NT_MS21_JAN_WORD.NASL"]}, {"type": "cve", "idList": ["CVE-2021-1714", "CVE-2021-1715", "CVE-2021-1716", "CVE-2021-1713"]}, {"type": "mskb", "idList": ["KB4493178", "KB4493167", "KB4493156", "KB4486764", "KB4486683", "KB4493171", "KB4493145", "KB4493183", "KB4493142", "KB4493161"]}, {"type": "kaspersky", "idList": ["KLA12042"]}, {"type": "zdi", "idList": ["ZDI-21-023", "ZDI-21-026"]}, {"type": "mscve", "idList": ["MS:CVE-2021-1715", "MS:CVE-2021-1714", "MS:CVE-2021-1713", "MS:CVE-2021-1716"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:A8AF62CC15B38126207722D29F080EE3"]}], "modified": "2021-09-06T10:41:02", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-09-06T10:41:02", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4493160", "msrc": "", "mscve": "CVE-2021-1716", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4486674", "KB4486750", "KB4486713", "KB4011027", "KB4484503", "KB4461633", "KB4462169", "KB4484254", "KB4475595", "KB4484451", "KB4484290", "KB4484223", "KB4484141", "KB4484270", "KB4475528", "KB4475511", "KB4484470"], "parentseeds": ["KB5001943", "KB5001973", "KB4493192", "KB5001914", "KB4504714", "KB4493229"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-09-06T10:41:02", "differentElements": ["parentseeds"], "edition": 7}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SMB_NT_MS21_JAN_OFFICE.NASL", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2013.NASL", "WEB_APPLICATION_SCANNING_112943", "SMB_NT_MS21_JAN_OFFICE_SHAREPOINT_2010.NASL", "MACOS_MS21_JAN_OFFICE.NASL", "SMB_NT_MS21_JAN_EXCEL.NASL", "SMB_NT_MS21_JAN_WORD.NASL", "WEB_APPLICATION_SCANNING_112942", "WEB_APPLICATION_SCANNING_112941", "SMB_NT_MS21_JAN_OFFICE_WEB.NASL"]}, {"type": "cve", "idList": ["CVE-2021-1715", "CVE-2021-1714", "CVE-2021-1716", "CVE-2021-1713"]}, {"type": "mskb", "idList": ["KB4493183", "KB4493171", "KB4493156", "KB4486683", "KB4486764", "KB4493142", "KB4493178", "KB4493167", "KB4493145", "KB4493161"]}, {"type": "kaspersky", "idList": ["KLA12042"]}, {"type": "zdi", "idList": ["ZDI-21-026", "ZDI-21-023"]}, {"type": "mscve", "idList": ["MS:CVE-2021-1716", "MS:CVE-2021-1715", "MS:CVE-2021-1714", "MS:CVE-2021-1713"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:A8AF62CC15B38126207722D29F080EE3"]}], "modified": "2021-09-15T19:57:35", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-09-15T19:57:35", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4493160", "msrc": "", "mscve": "CVE-2021-1716", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4486674", "KB4484270", "KB4484254", "KB4462169", "KB4484290", "KB4484503", "KB4484470", "KB4484451", "KB4475528", "KB4484141", "KB4461633", "KB4011027", "KB4475595", "KB4484223", "KB4486750", "KB4475511", "KB4486713"], "parentseeds": ["KB4493229", "KB4493192", "KB5001999", "KB5001914", "KB5001943", "KB5001973", "KB4504714"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": [], "_object_type": "robots.models.microsoftKB.MicrosoftKBBulletin", "_object_types": ["robots.models.microsoftKB.MicrosoftKBBulletin", "robots.models.base.Bulletin"]}, {"id": "KB4486750", "hash": "63973608170ed036e045a3b99dd322bf", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: December 8, 2020", "description": "None\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see the following security\nadvisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17123](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17123)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17125](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17125)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17126](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17126)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17128](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17128)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17129](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17129)\n\n **Note** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486750)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4486750 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=8cd5b65b-3454-4df7-8bb8-39701f06f06c)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: December 8, 2020](https://support.microsoft.com/en-\nus/help/20201208).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4486713](http://support.microsoft.com/kb/4486713).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4486750-fullfile-x64-glb.exe|\nB72B79CA13C10A34315C8518EC2EF4D3C4813A03|\n4EE016FC93D01B28B8EAB608DE2765031C9B4031624F596C06E2731C580F87D8 \n \nFile informationDownload [the list of files that are included in security\nupdate\n4486750](https://download.microsoft.com/download/c/6/5/c653ced0-0e44-4549-b408-8eccd6e3bfea/4486750.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2020-12-08T08:00:00", "modified": "2020-12-08T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486750", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17125", "CVE-2020-17123", "CVE-2020-17129", "CVE-2020-17128", "CVE-2020-17126"], "immutableFields": [], "lastseen": "2021-09-15T19:56:30", "history": [{"bulletin": {"id": "KB4486750", "hash": "ac64cfba655bc515c10e187c0179a38b5976fd4824c0bbfa84bd2a29696b94b0", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: December 8, 2020", "description": "<html><body><p>Provides information about the Office Online Server security update 4486750 that was released on December 8, 2020.</p><h2>Summary</h2><div><p>This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the following security advisories:</p><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17123\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-17123</a></li><li><a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17125\" managed-link=\"\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-17125</a></li><li><a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17126\" managed-link=\"\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-17126</a></li><li><a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17128\" managed-link=\"\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-17128</a></li><li><a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17129\" managed-link=\"\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-17129</a></li></ul><p><strong>Note</strong> To apply this security update, you must have the release version of Microsoft Office Online Server installed on the computer.</p></div><h2>How to get and install the update</h2><h3>Method 1: Microsoft Update</h3><p>This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"\">Windows Update: FAQ</a>.</p><h3>Method 2: Microsoft Update Catalog</h3><p>To get the standalone package for this update, go to the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486750\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a> website.</p><h3>Method 3: Microsoft Download Center</h3><p>You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.</p><ul linespacing=\"1\" style=\"list-style-type:UnorderedBullets\" type=\"UnorderedBullets\"><li><span asset=\"4009805\" contenteditable=\"false\" props='{\"size\":\"full\"}' unselectable=\"on\">4009805</span><a bookmark-id=\"\" data-content-id=\"\" href=\"http://www.microsoft.com/download/details.aspx?familyid=8cd5b65b-3454-4df7-8bb8-39701f06f06c\" managed-link=\"\">Download security update 4486750 for the 64-bit version of Office Online Server</a></li></ul><h2>More information</h2><h3>Security update deployment information</h3><p>For deployment information about this update, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/20201208\" managed-link=\"\" target=\"_blank\">security update deployment information: December 8, 2020</a>.</p><h3>Security update replacement information</h3><p>This security update replaces previously released security update <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4486713\" managed-link=\"\" target=\"_blank\">4486713</a>.</p><h3>File hash information</h3><table class=\"table\"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>wacserver2019-kb4486750-fullfile-x64-glb.exe</td><td>B72B79CA13C10A34315C8518EC2EF4D3C4813A03</td><td>4EE016FC93D01B28B8EAB608DE2765031C9B4031624F596C06E2731C580F87D8</td></tr></tbody></table><h3><br/>File information</h3><p>Download <a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/c/6/5/c653ced0-0e44-4549-b408-8eccd6e3bfea/4486750.csv\" managed-link=\"\" target=\"_blank\">the list of files that are included in security update 4486750</a>.</p><h2>Information about protection and security</h2><p>Protect yourself online: <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/hub/4099151\" managed-link=\"\" target=\"_blank\">Windows Security support</a></p><p>Learn how we guard against cyber threats: <a href=\"https://www.microsoft.com/security\" managed-link=\"\" target=\"_blank\">Microsoft Security</a></p></body></html>", "published": "2020-12-08T02:37:23", "modified": "2020-12-08T18:04:27", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4486750/", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17128", "CVE-2020-17129", "CVE-2020-17123", "CVE-2020-17125", "CVE-2020-17126"], "immutableFields": [], "lastseen": "2020-12-30T19:02:23", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-12-30T19:02:23", "references": [{"idList": ["CVE-2020-17128", "CVE-2020-17129", "CVE-2020-17123", "CVE-2020-17125", "CVE-2020-17126"], "type": "cve"}, {"idList": ["THN:BCD236457064C9D8673B1536BE370718"], "type": "thn"}, {"idList": ["SMB_NT_MS20_DEC_OFFICE_WEB.NASL", "SMB_NT_MS20_DEC_EXCEL.NASL", "SMB_NT_MS20_DEC_OFFICE.NASL"], "type": "nessus"}, {"idList": ["KB4493140", "KB4493139", "KB4486754", "KB4486760", "KB4486757", "KB4493148"], "type": "mskb"}, {"idList": ["ZDI-20-1425", "ZDI-20-1424"], "type": "zdi"}, {"idList": ["TALOS-2020-1153"], "type": "talos"}, {"idList": ["RAPID7BLOG:99D9180FBF3F900ADB0CDC5EF79EC080"], "type": "rapid7blog"}, {"idList": ["MS:CVE-2020-17128", "MS:CVE-2020-17129", "MS:CVE-2020-17125", "MS:CVE-2020-17123", "MS:CVE-2020-17126"], "type": "mscve"}], "rev": 2}, "score": {"modified": "2020-12-30T19:02:23", "rev": 2, "value": 6.1, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB4486750", "msrc": "", "mscve": "", "msplatform": "", "msfamily": "", "msimpact": "", "msseverity": "", "superseeds": ["KB4462169", "KB4461633", "KB4475511", "KB4484503", "KB4475595", "KB4484451", "KB4484223", "KB4484470", "KB4475528", "KB4484270", "KB4486713", "KB4484141", "KB4486674", "KB4484290", "KB4484254"], "parentseeds": [], "msproducts": ["18432"], "supportAreaPaths": ["63f5ad6b-0eff-3e0a-5792-1c675509fb3f"], "supportAreaPathNodes": [{"id": "63f5ad6b-0eff-3e0a-5792-1c675509fb3f", "name": "Office Online Server", "parent": "90bedbeb-782d-7b46-9f4f-721cc5d647d6", "tree": [], "type": "productname"}], "primarySupportAreaPath": [{"id": "90bedbeb-782d-7b46-9f4f-721cc5d647d6", "name": "Servers", "tree": [], "type": "productfamily"}, {"id": "63f5ad6b-0eff-3e0a-5792-1c675509fb3f", "name": "Office Online Server", "parent": "90bedbeb-782d-7b46-9f4f-721cc5d647d6", "tree": [], "type": "productname"}]}, "lastseen": "2020-12-30T19:02:23", "differentElements": ["published"], "edition": 1}, {"bulletin": {"id": "KB4486750", "hash": "90c032aabb7bda8112ccadfa99716f5b", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: December 8, 2020", "description": "<html><body><p>Provides information about the Office Online Server security update 4486750 that was released on December 8, 2020.</p><h2>Summary</h2><div><p>This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the following security advisories:</p><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17123\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-17123</a></li><li><a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17125\" managed-link=\"\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-17125</a></li><li><a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17126\" managed-link=\"\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-17126</a></li><li><a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17128\" managed-link=\"\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-17128</a></li><li><a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17129\" managed-link=\"\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-17129</a></li></ul><p><strong>Note</strong> To apply this security update, you must have the release version of Microsoft Office Online Server installed on the computer.</p></div><h2>How to get and install the update</h2><h3>Method 1: Microsoft Update</h3><p>This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"\">Windows Update: FAQ</a>.</p><h3>Method 2: Microsoft Update Catalog</h3><p>To get the standalone package for this update, go to the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486750\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a> website.</p><h3>Method 3: Microsoft Download Center</h3><p>You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.</p><ul linespacing=\"1\" style=\"list-style-type:UnorderedBullets\" type=\"UnorderedBullets\"><li><span asset=\"4009805\" contenteditable=\"false\" props='{\"size\":\"full\"}' unselectable=\"on\">4009805</span><a bookmark-id=\"\" data-content-id=\"\" href=\"http://www.microsoft.com/download/details.aspx?familyid=8cd5b65b-3454-4df7-8bb8-39701f06f06c\" managed-link=\"\">Download security update 4486750 for the 64-bit version of Office Online Server</a></li></ul><h2>More information</h2><h3>Security update deployment information</h3><p>For deployment information about this update, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/20201208\" managed-link=\"\" target=\"_blank\">security update deployment information: December 8, 2020</a>.</p><h3>Security update replacement information</h3><p>This security update replaces previously released security update <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4486713\" managed-link=\"\" target=\"_blank\">4486713</a>.</p><h3>File hash information</h3><table class=\"table\"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>wacserver2019-kb4486750-fullfile-x64-glb.exe</td><td>B72B79CA13C10A34315C8518EC2EF4D3C4813A03</td><td>4EE016FC93D01B28B8EAB608DE2765031C9B4031624F596C06E2731C580F87D8</td></tr></tbody></table><h3><br/>File information</h3><p>Download <a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/c/6/5/c653ced0-0e44-4549-b408-8eccd6e3bfea/4486750.csv\" managed-link=\"\" target=\"_blank\">the list of files that are included in security update 4486750</a>.</p><h2>Information about protection and security</h2><p>Protect yourself online: <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/hub/4099151\" managed-link=\"\" target=\"_blank\">Windows Security support</a></p><p>Learn how we guard against cyber threats: <a href=\"https://www.microsoft.com/security\" managed-link=\"\" target=\"_blank\">Microsoft Security</a></p></body></html>", "published": "2020-12-08T00:00:00", "modified": "2020-12-08T18:04:27", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4486750/", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17128", "CVE-2020-17129", "CVE-2020-17123", "CVE-2020-17125", "CVE-2020-17126"], "immutableFields": [], "lastseen": "2021-01-01T22:35:46", "history": [], "viewCount": 203, "enchantments": {"dependencies": {"modified": "2021-01-01T22:35:46", "references": [{"idList": ["CVE-2020-17128", "CVE-2020-17129", "CVE-2020-17123", "CVE-2020-17125", "CVE-2020-17126"], "type": "cve"}, {"idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"], "type": "avleonov"}, {"idList": ["THN:BCD236457064C9D8673B1536BE370718"], "type": "thn"}, {"idList": ["SMB_NT_MS20_DEC_OFFICE_WEB.NASL", "SMB_NT_MS20_DEC_EXCEL.NASL", "SMB_NT_MS20_DEC_OFFICE.NASL"], "type": "nessus"}, {"idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17123/"], "type": "metasploit"}, {"idList": ["KB4493140", "KB4493139", "KB4486754", "KB4486760", "KB4486757", "KB4493148"], "type": "mskb"}, {"idList": ["ZDI-20-1425", "ZDI-20-1424"], "type": "zdi"}, {"idList": ["TALOS-2020-1153"], "type": "talos"}, {"idList": ["RAPID7BLOG:99D9180FBF3F900ADB0CDC5EF79EC080"], "type": "rapid7blog"}, {"idList": ["MS:CVE-2020-17128", "MS:CVE-2020-17129", "MS:CVE-2020-17125", "MS:CVE-2020-17123", "MS:CVE-2020-17126"], "type": "mscve"}], "rev": 2}, "score": {"modified": "2021-01-01T22:35:46", "rev": 2, "value": 5.0, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB4486750", "msrc": "", "mscve": "", "msplatform": "", "msfamily": "", "msimpact": "", "msseverity": "", "superseeds": ["KB4462169", "KB4461633", "KB4475511", "KB4484503", "KB4475595", "KB4484451", "KB4484223", "KB4484470", "KB4475528", "KB4484270", "KB4486713", "KB4484141", "KB4486674", "KB4484290", "KB4484254"], "parentseeds": [], "msproducts": ["18432"], "supportAreaPaths": ["63f5ad6b-0eff-3e0a-5792-1c675509fb3f"], "supportAreaPathNodes": [{"id": "63f5ad6b-0eff-3e0a-5792-1c675509fb3f", "name": "Office Online Server", "parent": "90bedbeb-782d-7b46-9f4f-721cc5d647d6", "tree": [], "type": "productname"}], "primarySupportAreaPath": [{"id": "90bedbeb-782d-7b46-9f4f-721cc5d647d6", "name": "Servers", "tree": [], "type": "productfamily"}, {"id": "63f5ad6b-0eff-3e0a-5792-1c675509fb3f", "name": "Office Online Server", "parent": "90bedbeb-782d-7b46-9f4f-721cc5d647d6", "tree": [], "type": "productname"}]}, "lastseen": "2021-01-01T22:35:46", "differentElements": ["description", "href", "modified", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "parentseeds", "primarySupportAreaPath", "published", "superseeds", "supportAreaPathNodes", "supportAreaPaths"], "edition": 2}, {"bulletin": {"id": "KB4486750", "hash": "8f746388e4a54c05598c76a2807fc388", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: December 8, 2020", "description": "# Description of the security update for Office Online Server: December 8,\n2020\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see the following security\nadvisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17123](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17123)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17125](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17125)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17126](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17126)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17128](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17128)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17129](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17129)\n\n **Note** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486750)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4486750 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=8cd5b65b-3454-4df7-8bb8-39701f06f06c)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: December 8, 2020](https://support.microsoft.com/en-\nus/help/20201208).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4486713](http://support.microsoft.com/kb/4486713).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4486750-fullfile-x64-glb.exe|\nB72B79CA13C10A34315C8518EC2EF4D3C4813A03|\n4EE016FC93D01B28B8EAB608DE2765031C9B4031624F596C06E2731C580F87D8 \n \nFile informationDownload [the list of files that are included in security\nupdate\n4486750](https://download.microsoft.com/download/c/6/5/c653ced0-0e44-4549-b408-8eccd6e3bfea/4486750.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2020-12-08T08:00:00", "modified": "2020-12-08T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4486750", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17128", "CVE-2020-17129", "CVE-2020-17123", "CVE-2020-17125", "CVE-2020-17126"], "immutableFields": [], "lastseen": "2021-07-24T23:41:32", "history": [], "viewCount": 203, "enchantments": {"dependencies": {"modified": "2021-07-24T23:41:32", "references": [{"idList": ["CVE-2020-17128", "CVE-2020-17129", "CVE-2020-17123", "CVE-2020-17125", "CVE-2020-17126"], "type": "cve"}, {"idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"], "type": "avleonov"}, {"idList": ["THN:BCD236457064C9D8673B1536BE370718"], "type": "thn"}, {"idList": ["SMB_NT_MS20_DEC_OFFICE_WEB.NASL", "SMB_NT_MS20_DEC_EXCEL.NASL", "SMB_NT_MS20_DEC_OFFICE.NASL"], "type": "nessus"}, {"idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17123/"], "type": "metasploit"}, {"idList": ["KB4493140", "KB4493139", "KB4486754", "KB4486760", "KB4486757", "KB4493148"], "type": "mskb"}, {"idList": ["ZDI-20-1425", "ZDI-20-1424"], "type": "zdi"}, {"idList": ["TALOS-2020-1153"], "type": "talos"}, {"idList": ["RAPID7BLOG:99D9180FBF3F900ADB0CDC5EF79EC080"], "type": "rapid7blog"}, {"idList": ["MS:CVE-2020-17128", "MS:CVE-2020-17129", "MS:CVE-2020-17125", "MS:CVE-2020-17123", "MS:CVE-2020-17126"], "type": "mscve"}], "rev": 2}, "score": {"modified": "2021-07-24T23:41:32", "rev": 2, "value": 5.1, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB4486750", "msrc": "", "mscve": "CVE-2020-17129", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4462169", "KB4461633", "KB4475511", "KB4484503", "KB4475595", "KB4484451", "KB4011027", "KB4484223", "KB4484470", "KB4475528", "KB4484270", "KB4486713", "KB4484141", "KB4486674", "KB4484290", "KB4484254"], "parentseeds": ["KB5001943", "KB4493160", "KB5001973", "KB4504714", "KB4493229", "KB5001914", "KB4493192"], "msproducts": ["11605", "10836"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-24T23:41:32", "differentElements": ["cvelist", "cvss2", "cvss3", "description", "title"], "edition": 3}, {"bulletin": {"id": "KB4486750", "hash": "718ee4a2e134483de914e030c0de5839da98e67e848de7f8a8dbe3a9de5f901f", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2020-12-08", "description": "", "published": "2020-12-08T08:00:00", "modified": "2020-12-08T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486750", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17129"], "immutableFields": [], "lastseen": "2021-07-27T10:13:03", "history": [], "viewCount": 203, "enchantments": {"dependencies": {"modified": "2021-07-27T10:13:03", "references": [{"idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"], "type": "avleonov"}, {"idList": ["SMB_NT_MS20_DEC_OFFICE_WEB.NASL", "SMB_NT_MS20_DEC_EXCEL.NASL"], "type": "nessus"}, {"idList": ["MS:CVE-2020-17129"], "type": "mscve"}, {"idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17123/"], "type": "metasploit"}, {"idList": ["KB4493139", "KB4486760", "KB4493148"], "type": "mskb"}, {"idList": ["RAPID7BLOG:99D9180FBF3F900ADB0CDC5EF79EC080"], "type": "rapid7blog"}, {"idList": ["CVE-2020-17129"], "type": "cve"}], "rev": 2}, "score": {"modified": "2021-07-27T10:13:03", "rev": 2, "value": 4.3, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB4486750", "msrc": "", "mscve": "CVE-2020-17129", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4475595", "KB4484141", "KB4484290", "KB4462169", "KB4486674", "KB4461633", "KB4475528", "KB4011027", "KB4484470", "KB4484223", "KB4484254", "KB4486713", "KB4484451", "KB4484270", "KB4475511", "KB4484503"], "parentseeds": ["KB4493229", "KB4504714", "KB4493160", "KB5001943", "KB4493192", "KB5001914", "KB5001973"], "msproducts": ["11605", "10836"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-27T10:13:03", "differentElements": ["cvss2", "cvss3", "kb", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "parentseeds", "superseeds"], "edition": 4}, {"bulletin": {"id": "KB4486750", "hash": "ed91e1315ef863531217f97336a60eeca50aff3a2e52563a12664c7cc73acf5a", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2020-12-08", "description": "", "published": "2020-12-08T08:00:00", "modified": "2020-12-08T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4486750", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17129"], "immutableFields": [], "lastseen": "2021-07-27T10:13:03", "history": [], "viewCount": 203, "enchantments": {"dependencies": {"modified": "2021-07-27T10:13:03", "references": [{"idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"], "type": "avleonov"}, {"idList": ["SMB_NT_MS20_DEC_OFFICE_WEB.NASL", "SMB_NT_MS20_DEC_EXCEL.NASL"], "type": "nessus"}, {"idList": ["MS:CVE-2020-17129"], "type": "mscve"}, {"idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17123/"], "type": "metasploit"}, {"idList": ["KB4493139", "KB4486760", "KB4493148"], "type": "mskb"}, {"idList": ["RAPID7BLOG:99D9180FBF3F900ADB0CDC5EF79EC080"], "type": "rapid7blog"}, {"idList": ["CVE-2020-17129"], "type": "cve"}], "rev": 2}, "score": {"modified": "2021-07-27T10:13:03", "rev": 2, "value": 4.3, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "", "msrc": "", "mscve": "", "msplatform": "", "msfamily": "", "msimpact": "", "msseverity": "", "superseeds": [], "parentseeds": [], "msproducts": [], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-27T10:13:03", "differentElements": ["cvelist", "cvss2", "cvss3", "description", "kb", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "parentseeds", "superseeds", "title"], "edition": 5}, {"bulletin": {"id": "KB4486750", "hash": "cc2f873e3255e84b6c694548fede3ce5", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: December 8, 2020", "description": "# Description of the security update for Office Online Server: December 8,\n2020\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see the following security\nadvisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17123](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17123)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17125](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17125)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17126](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17126)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17128](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17128)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17129](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17129)\n\n **Note** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486750)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4486750 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=8cd5b65b-3454-4df7-8bb8-39701f06f06c)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: December 8, 2020](https://support.microsoft.com/en-\nus/help/20201208).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4486713](http://support.microsoft.com/kb/4486713).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4486750-fullfile-x64-glb.exe|\nB72B79CA13C10A34315C8518EC2EF4D3C4813A03|\n4EE016FC93D01B28B8EAB608DE2765031C9B4031624F596C06E2731C580F87D8 \n \nFile informationDownload [the list of files that are included in security\nupdate\n4486750](https://download.microsoft.com/download/c/6/5/c653ced0-0e44-4549-b408-8eccd6e3bfea/4486750.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2020-12-08T08:00:00", "modified": "2020-12-08T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486750", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17123", "CVE-2020-17126", "CVE-2020-17129", "CVE-2020-17128", "CVE-2020-17125"], "immutableFields": [], "lastseen": "2021-08-01T10:10:04", "history": [], "viewCount": 203, "enchantments": {"dependencies": {"references": [{"type": "mskb", "idList": ["KB4486754", "KB4493148", "KB4493139", "KB4486760", "KB4493140", "KB4486757"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17123/"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_DEC_EXCEL.NASL", "SMB_NT_MS20_DEC_OFFICE_WEB.NASL", "SMB_NT_MS20_DEC_OFFICE.NASL"]}, {"type": "cve", "idList": ["CVE-2020-17129", "CVE-2020-17125", "CVE-2020-17128", "CVE-2020-17126", "CVE-2020-17123"]}, {"type": "mscve", "idList": ["MS:CVE-2020-17125", "MS:CVE-2020-17128", "MS:CVE-2020-17126", "MS:CVE-2020-17123", "MS:CVE-2020-17129"]}, {"type": "zdi", "idList": ["ZDI-20-1425", "ZDI-20-1424"]}, {"type": "talos", "idList": ["TALOS-2020-1153"]}, {"type": "avleonov", "idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"]}, {"type": "thn", "idList": ["THN:BCD236457064C9D8673B1536BE370718"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:99D9180FBF3F900ADB0CDC5EF79EC080"]}], "modified": "2021-08-01T10:10:04", "rev": 2}, "score": {"value": 5.1, "vector": "NONE", "modified": "2021-08-01T10:10:04", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4486750", "msrc": "", "mscve": "CVE-2020-17129", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484254", "KB4011027", "KB4484451", "KB4484223", "KB4475595", "KB4461633", "KB4486713", "KB4484141", "KB4484290", "KB4486674", "KB4462169", "KB4475528", "KB4484503", "KB4484270", "KB4484470", "KB4475511"], "parentseeds": ["KB4493229", "KB5001914", "KB4504714", "KB4493192", "KB5001943", "KB5001973", "KB4493160"], "msproducts": ["10836", "11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-01T10:10:04", "differentElements": ["description"], "edition": 6}, {"bulletin": {"id": "KB4486750", "hash": "b940a016c556ebb901dfa84ed828b28f", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: December 8, 2020", "description": "None\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see the following security\nadvisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17123](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17123)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17125](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17125)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17126](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17126)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17128](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17128)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17129](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17129)\n\n **Note** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486750)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4486750 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=8cd5b65b-3454-4df7-8bb8-39701f06f06c)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: December 8, 2020](https://support.microsoft.com/en-\nus/help/20201208).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4486713](http://support.microsoft.com/kb/4486713).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4486750-fullfile-x64-glb.exe|\nB72B79CA13C10A34315C8518EC2EF4D3C4813A03|\n4EE016FC93D01B28B8EAB608DE2765031C9B4031624F596C06E2731C580F87D8 \n \nFile informationDownload [the list of files that are included in security\nupdate\n4486750](https://download.microsoft.com/download/c/6/5/c653ced0-0e44-4549-b408-8eccd6e3bfea/4486750.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2020-12-08T08:00:00", "modified": "2020-12-08T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486750", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17128", "CVE-2020-17126", "CVE-2020-17129", "CVE-2020-17123", "CVE-2020-17125"], "immutableFields": [], "lastseen": "2021-08-12T23:34:41", "history": [], "viewCount": 204, "enchantments": {"dependencies": {"references": [{"type": "mskb", "idList": ["KB4486760", "KB4493139", "KB4493148", "KB4493140", "KB4486754", "KB4486757"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17123/"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_DEC_OFFICE.NASL", "SMB_NT_MS20_DEC_OFFICE_WEB.NASL", "SMB_NT_MS20_DEC_EXCEL.NASL"]}, {"type": "cve", "idList": ["CVE-2020-17125", "CVE-2020-17129", "CVE-2020-17123", "CVE-2020-17126", "CVE-2020-17128"]}, {"type": "kaspersky", "idList": ["KLA12023"]}, {"type": "mscve", "idList": ["MS:CVE-2020-17128", "MS:CVE-2020-17125", "MS:CVE-2020-17126", "MS:CVE-2020-17123", "MS:CVE-2020-17129"]}, {"type": "zdi", "idList": ["ZDI-20-1424", "ZDI-20-1425"]}, {"type": "talos", "idList": ["TALOS-2020-1153"]}, {"type": "avleonov", "idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"]}, {"type": "thn", "idList": ["THN:BCD236457064C9D8673B1536BE370718"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:99D9180FBF3F900ADB0CDC5EF79EC080"]}], "modified": "2021-08-12T23:34:41", "rev": 2}, "score": {"value": 4.9, "vector": "NONE", "modified": "2021-08-12T23:34:41", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4486750", "msrc": "", "mscve": "CVE-2020-17129", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4011027", "KB4484223", "KB4484451", "KB4484141", "KB4484503", "KB4475595", "KB4484270", "KB4475511", "KB4484470", "KB4462169", "KB4486713", "KB4484254", "KB4461633", "KB4484290", "KB4486674", "KB4475528"], "parentseeds": ["KB5001914", "KB4504714", "KB4493229", "KB4493160", "KB4493192", "KB5001973", "KB5001943"], "msproducts": ["10836", "11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-12T23:34:41", "differentElements": ["cvelist", "description", "title"], "edition": 7}, {"bulletin": {"id": "KB4486750", "hash": "3bf9e78ebde53cd23ce09458b048340c", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2020-12-08", "description": "", "published": "2020-12-08T08:00:00", "modified": "2020-12-08T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486750", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17129"], "immutableFields": [], "lastseen": "2021-08-28T09:34:16", "history": [], "viewCount": 205, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-17129"]}, {"type": "mscve", "idList": ["MS:CVE-2020-17129"]}, {"type": "mskb", "idList": ["KB4486760", "KB4493148", "KB4493139"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17123/"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_DEC_OFFICE_WEB.NASL", "SMB_NT_MS20_DEC_EXCEL.NASL"]}, {"type": "kaspersky", "idList": ["KLA12023"]}, {"type": "avleonov", "idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:99D9180FBF3F900ADB0CDC5EF79EC080"]}], "modified": "2021-08-28T09:34:16", "rev": 2}, "score": {"value": 4.7, "vector": "NONE", "modified": "2021-08-28T09:34:16", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4486750", "msrc": "", "mscve": "CVE-2020-17129", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484254", "KB4461633", "KB4486713", "KB4484503", "KB4475528", "KB4484470", "KB4484141", "KB4475595", "KB4484290", "KB4475511", "KB4484270", "KB4011027", "KB4462169", "KB4484223", "KB4486674", "KB4484451"], "parentseeds": ["KB4493229", "KB5001973", "KB4504714", "KB4493160", "KB4493192", "KB5001943", "KB5001914"], "msproducts": ["10836", "11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-28T09:34:16", "differentElements": ["cvelist", "description", "title"], "edition": 8}, {"bulletin": {"id": "KB4486750", "hash": "b940a016c556ebb901dfa84ed828b28f", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: December 8, 2020", "description": "None\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see the following security\nadvisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17123](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17123)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17125](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17125)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17126](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17126)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17128](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17128)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17129](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17129)\n\n **Note** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486750)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4486750 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=8cd5b65b-3454-4df7-8bb8-39701f06f06c)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: December 8, 2020](https://support.microsoft.com/en-\nus/help/20201208).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4486713](http://support.microsoft.com/kb/4486713).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4486750-fullfile-x64-glb.exe|\nB72B79CA13C10A34315C8518EC2EF4D3C4813A03|\n4EE016FC93D01B28B8EAB608DE2765031C9B4031624F596C06E2731C580F87D8 \n \nFile informationDownload [the list of files that are included in security\nupdate\n4486750](https://download.microsoft.com/download/c/6/5/c653ced0-0e44-4549-b408-8eccd6e3bfea/4486750.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2020-12-08T08:00:00", "modified": "2020-12-08T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486750", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17129", "CVE-2020-17123", "CVE-2020-17128", "CVE-2020-17126", "CVE-2020-17125"], "immutableFields": [], "lastseen": "2021-09-04T09:35:24", "history": [], "viewCount": 205, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17123/"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_DEC_EXCEL.NASL", "SMB_NT_MS20_DEC_OFFICE_WEB.NASL", "SMB_NT_MS20_DEC_OFFICE.NASL"]}, {"type": "cve", "idList": ["CVE-2020-17123", "CVE-2020-17126", "CVE-2020-17129", "CVE-2020-17125", "CVE-2020-17128"]}, {"type": "kaspersky", "idList": ["KLA12023"]}, {"type": "mscve", "idList": ["MS:CVE-2020-17128", "MS:CVE-2020-17129", "MS:CVE-2020-17123", "MS:CVE-2020-17125", "MS:CVE-2020-17126"]}, {"type": "mskb", "idList": ["KB4493140", "KB4486760", "KB4493148", "KB4493139", "KB4486757"]}, {"type": "zdi", "idList": ["ZDI-20-1424", "ZDI-20-1425"]}, {"type": "talos", "idList": ["TALOS-2020-1153"]}, {"type": "avleonov", "idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"]}, {"type": "thn", "idList": ["THN:BCD236457064C9D8673B1536BE370718"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:99D9180FBF3F900ADB0CDC5EF79EC080"]}], "modified": "2021-09-04T09:35:24", "rev": 2}, "score": {"value": 4.9, "vector": "NONE", "modified": "2021-09-04T09:35:24", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4486750", "msrc": "", "mscve": "CVE-2020-17129", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4475528", "KB4484451", "KB4486713", "KB4484141", "KB4484503", "KB4484223", "KB4462169", "KB4475595", "KB4484470", "KB4484254", "KB4484290", "KB4484270", "KB4475511", "KB4486674", "KB4461633", "KB4011027"], "parentseeds": ["KB4493160", "KB4493192", "KB5001914", "KB5001943", "KB4504714", "KB4493229", "KB5001973"], "msproducts": ["11605", "10836"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-09-04T09:35:24", "differentElements": ["cvelist", "description", "title"], "edition": 9}, {"bulletin": {"id": "KB4486750", "hash": "3bf9e78ebde53cd23ce09458b048340c", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2020-12-08", "description": "", "published": "2020-12-08T08:00:00", "modified": "2020-12-08T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486750", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17129"], "immutableFields": [], "lastseen": "2021-09-05T09:27:51", "history": [], "viewCount": 205, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-17129"]}, {"type": "mskb", "idList": ["KB4493139", "KB4493148", "KB4486760"]}, {"type": "mscve", "idList": ["MS:CVE-2020-17129"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17123/"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_DEC_OFFICE_WEB.NASL", "SMB_NT_MS20_DEC_EXCEL.NASL"]}, {"type": "kaspersky", "idList": ["KLA12023"]}, {"type": "avleonov", "idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:99D9180FBF3F900ADB0CDC5EF79EC080"]}], "modified": "2021-09-05T09:27:51", "rev": 2}, "score": {"value": 4.7, "vector": "NONE", "modified": "2021-09-05T09:27:51", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4486750", "msrc": "", "mscve": "CVE-2020-17129", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4462169", "KB4461633", "KB4484290", "KB4011027", "KB4486713", "KB4484141", "KB4484254", "KB4475511", "KB4486674", "KB4484470", "KB4484451", "KB4484270", "KB4484503", "KB4475528", "KB4484223", "KB4475595"], "parentseeds": ["KB5001973", "KB4493160", "KB4504714", "KB5001943", "KB4493192", "KB5001914", "KB4493229"], "msproducts": ["11605", "10836"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-09-05T09:27:51", "differentElements": ["cvelist", "description", "title"], "edition": 10}, {"bulletin": {"id": "KB4486750", "hash": "b940a016c556ebb901dfa84ed828b28f", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: December 8, 2020", "description": "None\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see the following security\nadvisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17123](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17123)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17125](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17125)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17126](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17126)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17128](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17128)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-17129](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17129)\n\n **Note** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486750)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4486750 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=8cd5b65b-3454-4df7-8bb8-39701f06f06c)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: December 8, 2020](https://support.microsoft.com/en-\nus/help/20201208).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4486713](http://support.microsoft.com/kb/4486713).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4486750-fullfile-x64-glb.exe|\nB72B79CA13C10A34315C8518EC2EF4D3C4813A03|\n4EE016FC93D01B28B8EAB608DE2765031C9B4031624F596C06E2731C580F87D8 \n \nFile informationDownload [the list of files that are included in security\nupdate\n4486750](https://download.microsoft.com/download/c/6/5/c653ced0-0e44-4549-b408-8eccd6e3bfea/4486750.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2020-12-08T08:00:00", "modified": "2020-12-08T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486750", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17123", "CVE-2020-17128", "CVE-2020-17126", "CVE-2020-17129", "CVE-2020-17125"], "immutableFields": [], "lastseen": "2021-09-06T10:40:09", "history": [], "viewCount": 205, "enchantments": {"dependencies": {"references": [{"type": "mskb", "idList": ["KB4486754", "KB4486760", "KB4493139", "KB4486757", "KB4493140", "KB4493148"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17123/"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_DEC_EXCEL.NASL", "SMB_NT_MS20_DEC_OFFICE_WEB.NASL", "SMB_NT_MS20_DEC_OFFICE.NASL"]}, {"type": "cve", "idList": ["CVE-2020-17123", "CVE-2020-17128", "CVE-2020-17125", "CVE-2020-17129", "CVE-2020-17126"]}, {"type": "kaspersky", "idList": ["KLA12023"]}, {"type": "mscve", "idList": ["MS:CVE-2020-17123", "MS:CVE-2020-17128", "MS:CVE-2020-17125", "MS:CVE-2020-17129", "MS:CVE-2020-17126"]}, {"type": "zdi", "idList": ["ZDI-20-1424", "ZDI-20-1425"]}, {"type": "talos", "idList": ["TALOS-2020-1153"]}, {"type": "avleonov", "idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"]}, {"type": "thn", "idList": ["THN:BCD236457064C9D8673B1536BE370718"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:99D9180FBF3F900ADB0CDC5EF79EC080"]}], "modified": "2021-09-06T10:40:09", "rev": 2}, "score": {"value": 4.9, "vector": "NONE", "modified": "2021-09-06T10:40:09", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4486750", "msrc": "", "mscve": "CVE-2020-17129", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4486674", "KB4486713", "KB4011027", "KB4484503", "KB4461633", "KB4462169", "KB4484254", "KB4475595", "KB4484451", "KB4484290", "KB4484223", "KB4484141", "KB4484270", "KB4475528", "KB4475511", "KB4484470"], "parentseeds": ["KB5001943", "KB5001973", "KB4493160", "KB4493192", "KB5001914", "KB4504714", "KB4493229"], "msproducts": ["10836", "11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-09-06T10:40:09", "differentElements": ["parentseeds"], "edition": 11}], "viewCount": 205, "enchantments": {"dependencies": {"references": [{"type": "mskb", "idList": ["KB4486760", "KB4493148", "KB4493140", "KB4493139", "KB4486754", "KB4486757"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17123/"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_DEC_OFFICE_WEB.NASL", "SMB_NT_MS20_DEC_OFFICE.NASL", "SMB_NT_MS20_DEC_EXCEL.NASL"]}, {"type": "cve", "idList": ["CVE-2020-17128", "CVE-2020-17126", "CVE-2020-17129", "CVE-2020-17125", "CVE-2020-17123"]}, {"type": "kaspersky", "idList": ["KLA12023"]}, {"type": "mscve", "idList": ["MS:CVE-2020-17126", "MS:CVE-2020-17123", "MS:CVE-2020-17128", "MS:CVE-2020-17125", "MS:CVE-2020-17129"]}, {"type": "zdi", "idList": ["ZDI-20-1425", "ZDI-20-1424"]}, {"type": "talos", "idList": ["TALOS-2020-1153"]}, {"type": "avleonov", "idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"]}, {"type": "thn", "idList": ["THN:BCD236457064C9D8673B1536BE370718"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:99D9180FBF3F900ADB0CDC5EF79EC080"]}], "modified": "2021-09-15T19:56:30", "rev": 2}, "score": {"value": 4.9, "vector": "NONE", "modified": "2021-09-15T19:56:30", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4486750", "msrc": "", "mscve": "CVE-2020-17129", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4486674", "KB4484270", "KB4462169", "KB4484290", "KB4484503", "KB4484470", "KB4484451", "KB4475528", "KB4484141", "KB4461633", "KB4011027", "KB4475595", "KB4484223", "KB4484254", "KB4475511", "KB4486713"], "parentseeds": ["KB4493229", "KB4493192", "KB5001999", "KB5001914", "KB5001943", "KB5001973", "KB4504714", "KB4493160"], "msproducts": ["11605", "10836"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": [], "_object_type": "robots.models.microsoftKB.MicrosoftKBBulletin", "_object_types": ["robots.models.microsoftKB.MicrosoftKBBulletin", "robots.models.base.Bulletin"]}, {"id": "KB4486713", "hash": "8b44b64c34cecbd131b48caebe865be6", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: November 10, 2020", "description": "None\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see [Microsoft Common\nVulnerabilities and Exposures\nCVE-2020-17064](https://portal.msrc.microsoft.com/en-US/security-\nguidance/advisory/CVE-2020-17064) and [Microsoft Common Vulnerabilities and\nExposures CVE-2020-17065](https://portal.msrc.microsoft.com/en-US/security-\nguidance/advisory/CVE-2020-17065). \n \n **Note** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486713)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4486713 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=866ab700-95d1-4a3d-8c02-fa1e656ef902)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: November 10, 2020](https://support.microsoft.com/en-\nus/help/20201110).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4486674](http://support.microsoft.com/kb/4486674).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4486713-fullfile-x64-glb.exe|\n739299592F65EB7FD1890808E97C3AF8430D9B4B|\n6C3166E5A7EE4E21F27D834FE23E31AABA1D33C7A77FDD5D7F2B0163B3C839D1 \n \nFile informationDownload [the list of files that are included in security\nupdate\n4486713](https://download.microsoft.com/download/c/2/1/c21fd18d-9452-4278-8e8f-8a50d82c0099/4486713.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2020-11-10T08:00:00", "modified": "2020-11-10T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486713", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17065", "CVE-2020-17064"], "immutableFields": [], "lastseen": "2021-09-15T19:55:45", "history": [{"bulletin": {"id": "KB4486713", "hash": "30a9f428801ce3c78cbca0c25a6534989c7c7067378246b363daa2e7fd312b3e", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: November 10, 2020", "description": "<html><body><p>Provides information about the Office Online Server security update 4486713 that was released on November 10, 2020.</p><h2>Summary</h2><div><p>This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17064\" managed-link=\"\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-17064</a>\u00a0and\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17065\" managed-link=\"\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-17065</a>.<br/><br/><strong>Note</strong> To apply this security update, you must have the release version of Microsoft Office Online Server installed on the computer.</p></div><h2>How to get and install the update</h2><h3>Method 1: Microsoft Update</h3><p>This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"_blank\">Windows Update: FAQ</a>.</p><h3>Method 2: Microsoft Update Catalog</h3><p>To get the standalone package for this update, go to the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486713\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a> website.</p><h3>Method 3: Microsoft Download Center</h3><p>You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.</p><ul linespacing=\"1\" style=\"list-style-type:UnorderedBullets\" type=\"UnorderedBullets\"><li><span asset=\"4009805\" contenteditable=\"false\" props='{\"size\":\"full\"}' unselectable=\"on\">4009805</span><a bookmark-id=\"\" data-content-id=\"\" href=\"http://www.microsoft.com/download/details.aspx?familyid=866ab700-95d1-4a3d-8c02-fa1e656ef902\" managed-link=\"\">Download security update 4486713 for the 64-bit version of Office Online Server</a></li></ul><h2>More information</h2><h3>Security update deployment information</h3><p>For deployment information about this update, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/20201110\" managed-link=\"\" target=\"_blank\">security update deployment information: November 10, 2020</a>.</p><h3>Security update replacement information</h3><p>This security update replaces previously released security update <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4486674\" managed-link=\"\" target=\"_blank\">4486674</a>.</p><h3>File hash information</h3><table class=\"table\"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>wacserver2019-kb4486713-fullfile-x64-glb.exe</td><td>739299592F65EB7FD1890808E97C3AF8430D9B4B</td><td>6C3166E5A7EE4E21F27D834FE23E31AABA1D33C7A77FDD5D7F2B0163B3C839D1</td></tr></tbody></table><h3><br/>File information</h3><p>Download <a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/c/2/1/c21fd18d-9452-4278-8e8f-8a50d82c0099/4486713.csv\" managed-link=\"\" target=\"_blank\">the list of files that are included in security update 4486713</a>.</p><h2>Information about protection and security</h2><p>Protect yourself online: <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/hub/4099151\" managed-link=\"\" target=\"_blank\">Windows Security support</a></p><p>Learn how we guard against cyber threats: <a href=\"https://www.microsoft.com/security\" managed-link=\"\" target=\"_blank\">Microsoft Security</a></p></body></html>", "published": "2020-11-09T01:48:16", "modified": "2020-11-10T18:09:39", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4486713/", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17065", "CVE-2020-17064"], "immutableFields": [], "lastseen": "2020-12-30T19:00:06", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2020-12-30T19:00:06", "references": [{"idList": ["CVE-2020-17065", "CVE-2020-17064"], "type": "cve"}, {"idList": ["KB4486722", "KB4486734", "KB4486727", "KB4486737", "KB4486743", "KB4486725", "KB4486718"], "type": "mskb"}, {"idList": ["MS:CVE-2020-17065", "MS:CVE-2020-17064"], "type": "mscve"}, {"idList": ["SMB_NT_MS20_NOV_OFFICE_WEB.NASL", "SMB_NT_MS20_NOV_EXCEL.NASL", "SMB_NT_MS20_NOV_OFFICE.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-12-30T19:00:06", "rev": 2, "value": 5.2, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB4486713", "msrc": "", "mscve": "", "msplatform": "", "msfamily": "", "msimpact": "", "msseverity": "", "superseeds": ["KB4462169", "KB4461633", "KB4475511", "KB4484503", "KB4475595", "KB4484451", "KB4484223", "KB4484470", "KB4475528", "KB4484270", "KB4484141", "KB4486674", "KB4484290", "KB4484254"], "parentseeds": ["KB4486750"], "msproducts": ["18432"], "supportAreaPaths": ["63f5ad6b-0eff-3e0a-5792-1c675509fb3f"], "supportAreaPathNodes": [{"id": "63f5ad6b-0eff-3e0a-5792-1c675509fb3f", "name": "Office Online Server", "parent": "90bedbeb-782d-7b46-9f4f-721cc5d647d6", "tree": [], "type": "productname"}], "primarySupportAreaPath": [{"id": "90bedbeb-782d-7b46-9f4f-721cc5d647d6", "name": "Servers", "tree": [], "type": "productfamily"}, {"id": "63f5ad6b-0eff-3e0a-5792-1c675509fb3f", "name": "Office Online Server", "parent": "90bedbeb-782d-7b46-9f4f-721cc5d647d6", "tree": [], "type": "productname"}]}, "lastseen": "2020-12-30T19:00:06", "differentElements": ["published"], "edition": 1}, {"bulletin": {"id": "KB4486713", "hash": "e2c58d8d1447c336c5eb0ffe50bde40f", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: November 10, 2020", "description": "<html><body><p>Provides information about the Office Online Server security update 4486713 that was released on November 10, 2020.</p><h2>Summary</h2><div><p>This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17064\" managed-link=\"\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-17064</a>\u00a0and\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17065\" managed-link=\"\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-17065</a>.<br/><br/><strong>Note</strong> To apply this security update, you must have the release version of Microsoft Office Online Server installed on the computer.</p></div><h2>How to get and install the update</h2><h3>Method 1: Microsoft Update</h3><p>This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"_blank\">Windows Update: FAQ</a>.</p><h3>Method 2: Microsoft Update Catalog</h3><p>To get the standalone package for this update, go to the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486713\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a> website.</p><h3>Method 3: Microsoft Download Center</h3><p>You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.</p><ul linespacing=\"1\" style=\"list-style-type:UnorderedBullets\" type=\"UnorderedBullets\"><li><span asset=\"4009805\" contenteditable=\"false\" props='{\"size\":\"full\"}' unselectable=\"on\">4009805</span><a bookmark-id=\"\" data-content-id=\"\" href=\"http://www.microsoft.com/download/details.aspx?familyid=866ab700-95d1-4a3d-8c02-fa1e656ef902\" managed-link=\"\">Download security update 4486713 for the 64-bit version of Office Online Server</a></li></ul><h2>More information</h2><h3>Security update deployment information</h3><p>For deployment information about this update, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/20201110\" managed-link=\"\" target=\"_blank\">security update deployment information: November 10, 2020</a>.</p><h3>Security update replacement information</h3><p>This security update replaces previously released security update <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4486674\" managed-link=\"\" target=\"_blank\">4486674</a>.</p><h3>File hash information</h3><table class=\"table\"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>wacserver2019-kb4486713-fullfile-x64-glb.exe</td><td>739299592F65EB7FD1890808E97C3AF8430D9B4B</td><td>6C3166E5A7EE4E21F27D834FE23E31AABA1D33C7A77FDD5D7F2B0163B3C839D1</td></tr></tbody></table><h3><br/>File information</h3><p>Download <a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/c/2/1/c21fd18d-9452-4278-8e8f-8a50d82c0099/4486713.csv\" managed-link=\"\" target=\"_blank\">the list of files that are included in security update 4486713</a>.</p><h2>Information about protection and security</h2><p>Protect yourself online: <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/hub/4099151\" managed-link=\"\" target=\"_blank\">Windows Security support</a></p><p>Learn how we guard against cyber threats: <a href=\"https://www.microsoft.com/security\" managed-link=\"\" target=\"_blank\">Microsoft Security</a></p></body></html>", "published": "2020-11-10T00:00:00", "modified": "2020-11-10T18:09:39", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4486713/", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17065", "CVE-2020-17064"], "immutableFields": [], "lastseen": "2021-01-01T22:51:13", "history": [], "viewCount": 23, "enchantments": {"dependencies": {"modified": "2021-01-01T22:51:13", "references": [{"idList": ["CVE-2020-17065", "CVE-2020-17064"], "type": "cve"}, {"idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"], "type": "avleonov"}, {"idList": ["KB4486722", "KB4486734", "KB4486727", "KB4486737", "KB4486743", "KB4486725", "KB4486718"], "type": "mskb"}, {"idList": ["MS:CVE-2020-17065", "MS:CVE-2020-17064"], "type": "mscve"}, {"idList": ["SMB_NT_MS20_NOV_OFFICE_WEB.NASL", "SMB_NT_MS20_NOV_EXCEL.NASL", "SMB_NT_MS20_NOV_OFFICE.NASL"], "type": "nessus"}, {"idList": ["MSF:ILITIES/MSFT-CVE-2020-17065/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17064/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17065/"], "type": "metasploit"}], "rev": 2}, "score": {"modified": "2021-01-01T22:51:13", "rev": 2, "value": 4.3, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB4486713", "msrc": "", "mscve": "", "msplatform": "", "msfamily": "", "msimpact": "", "msseverity": "", "superseeds": ["KB4462169", "KB4461633", "KB4475511", "KB4484503", "KB4475595", "KB4484451", "KB4484223", "KB4484470", "KB4475528", "KB4484270", "KB4484141", "KB4486674", "KB4484290", "KB4484254"], "parentseeds": ["KB4486750"], "msproducts": ["18432"], "supportAreaPaths": ["63f5ad6b-0eff-3e0a-5792-1c675509fb3f"], "supportAreaPathNodes": [{"id": "63f5ad6b-0eff-3e0a-5792-1c675509fb3f", "name": "Office Online Server", "parent": "90bedbeb-782d-7b46-9f4f-721cc5d647d6", "tree": [], "type": "productname"}], "primarySupportAreaPath": [{"id": "90bedbeb-782d-7b46-9f4f-721cc5d647d6", "name": "Servers", "tree": [], "type": "productfamily"}, {"id": "63f5ad6b-0eff-3e0a-5792-1c675509fb3f", "name": "Office Online Server", "parent": "90bedbeb-782d-7b46-9f4f-721cc5d647d6", "tree": [], "type": "productname"}]}, "lastseen": "2021-01-01T22:51:13", "differentElements": ["description", "href", "modified", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "parentseeds", "primarySupportAreaPath", "published", "superseeds", "supportAreaPathNodes", "supportAreaPaths"], "edition": 2}, {"bulletin": {"id": "KB4486713", "hash": "5b8a0ece5d850c10188731f45746377d", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: November 10, 2020", "description": "# Description of the security update for Office Online Server: November 10,\n2020\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see [Microsoft Common\nVulnerabilities and Exposures\nCVE-2020-17064](https://portal.msrc.microsoft.com/en-US/security-\nguidance/advisory/CVE-2020-17064) and [Microsoft Common Vulnerabilities and\nExposures CVE-2020-17065](https://portal.msrc.microsoft.com/en-US/security-\nguidance/advisory/CVE-2020-17065). \n \n **Note** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486713)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4486713 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=866ab700-95d1-4a3d-8c02-fa1e656ef902)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: November 10, 2020](https://support.microsoft.com/en-\nus/help/20201110).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4486674](http://support.microsoft.com/kb/4486674).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4486713-fullfile-x64-glb.exe|\n739299592F65EB7FD1890808E97C3AF8430D9B4B|\n6C3166E5A7EE4E21F27D834FE23E31AABA1D33C7A77FDD5D7F2B0163B3C839D1 \n \nFile informationDownload [the list of files that are included in security\nupdate\n4486713](https://download.microsoft.com/download/c/2/1/c21fd18d-9452-4278-8e8f-8a50d82c0099/4486713.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2020-11-10T08:00:00", "modified": "2020-11-10T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4486713", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17065", "CVE-2020-17064"], "immutableFields": [], "lastseen": "2021-07-24T23:41:03", "history": [], "viewCount": 23, "enchantments": {"dependencies": {"modified": "2021-07-24T23:41:03", "references": [{"idList": ["CVE-2020-17065", "CVE-2020-17064"], "type": "cve"}, {"idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"], "type": "avleonov"}, {"idList": ["KB4486722", "KB4486734", "KB4486727", "KB4486737", "KB4486743", "KB4486725", "KB4486718"], "type": "mskb"}, {"idList": ["MS:CVE-2020-17065", "MS:CVE-2020-17064"], "type": "mscve"}, {"idList": ["SMB_NT_MS20_NOV_OFFICE_WEB.NASL", "SMB_NT_MS20_NOV_EXCEL.NASL", "SMB_NT_MS20_NOV_OFFICE.NASL"], "type": "nessus"}, {"idList": ["MSF:ILITIES/MSFT-CVE-2020-17065/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17064/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17065/"], "type": "metasploit"}], "rev": 2}, "score": {"modified": "2021-07-24T23:41:03", "rev": 2, "value": 4.1, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB4486713", "msrc": "", "mscve": "CVE-2020-17064", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4462169", "KB4461633", "KB4475511", "KB4484503", "KB4475595", "KB4484451", "KB4011027", "KB4484223", "KB4484470", "KB4475528", "KB4484270", "KB4484141", "KB4486674", "KB4484290", "KB4484254"], "parentseeds": ["KB5001943", "KB4493160", "KB5001973", "KB4486750", "KB4504714", "KB4493229", "KB5001914", "KB4493192"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-24T23:41:03", "differentElements": ["cvelist", "cvss", "cvss2", "cvss3", "description", "title"], "edition": 3}, {"bulletin": {"id": "KB4486713", "hash": "c9df80bcbd2fc82e9bb93b5f89c29c3ffb349fcf0d71950a05aba6eeb5db83ce", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2020-11-10", "description": "", "published": "2020-11-10T08:00:00", "modified": "2020-11-10T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486713", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17064"], "immutableFields": [], "lastseen": "2021-07-27T10:12:57", "history": [], "viewCount": 23, "enchantments": {"dependencies": {"modified": "2021-07-27T10:12:57", "references": [{"idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17064/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17065/"], "type": "metasploit"}, {"idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"], "type": "avleonov"}, {"idList": ["CVE-2020-17064"], "type": "cve"}, {"idList": ["MS:CVE-2020-17064"], "type": "mscve"}, {"idList": ["SMB_NT_MS20_NOV_OFFICE_WEB.NASL", "SMB_NT_MS20_NOV_EXCEL.NASL", "SMB_NT_MS20_NOV_OFFICE.NASL"], "type": "nessus"}, {"idList": ["KB4486722", "KB4486727", "KB4486737", "KB4486725"], "type": "mskb"}], "rev": 2}, "score": {"modified": "2021-07-27T10:12:57", "rev": 2, "value": 4.3, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB4486713", "msrc": "", "mscve": "CVE-2020-17064", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4475595", "KB4484141", "KB4484290", "KB4462169", "KB4461633", "KB4486674", "KB4475528", "KB4011027", "KB4484470", "KB4484223", "KB4484254", "KB4484451", "KB4484270", "KB4475511", "KB4484503"], "parentseeds": ["KB4493229", "KB4504714", "KB4486750", "KB4493160", "KB5001943", "KB4493192", "KB5001914", "KB5001973"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-27T10:12:57", "differentElements": ["cvss2", "cvss3", "kb", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "parentseeds", "superseeds"], "edition": 4}, {"bulletin": {"id": "KB4486713", "hash": "5e3317ea850037bdce94a6d1f084b73d16674debdfa1d4b313a7c255440449f4", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2020-11-10", "description": "", "published": "2020-11-10T08:00:00", "modified": "2020-11-10T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4486713", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17064"], "immutableFields": [], "lastseen": "2021-07-27T10:12:57", "history": [], "viewCount": 23, "enchantments": {"dependencies": {"modified": "2021-07-27T10:12:57", "references": [{"idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17064/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17065/"], "type": "metasploit"}, {"idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"], "type": "avleonov"}, {"idList": ["CVE-2020-17064"], "type": "cve"}, {"idList": ["MS:CVE-2020-17064"], "type": "mscve"}, {"idList": ["SMB_NT_MS20_NOV_OFFICE_WEB.NASL", "SMB_NT_MS20_NOV_EXCEL.NASL", "SMB_NT_MS20_NOV_OFFICE.NASL"], "type": "nessus"}, {"idList": ["KB4486722", "KB4486727", "KB4486737", "KB4486725"], "type": "mskb"}], "rev": 2}, "score": {"modified": "2021-07-27T10:12:57", "rev": 2, "value": 4.3, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "", "msrc": "", "mscve": "", "msplatform": "", "msfamily": "", "msimpact": "", "msseverity": "", "superseeds": [], "parentseeds": [], "msproducts": [], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-27T10:12:57", "differentElements": ["cvelist", "cvss", "cvss2", "cvss3", "description", "kb", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "parentseeds", "superseeds", "title"], "edition": 5}, {"bulletin": {"id": "KB4486713", "hash": "64c24c9ff553e722eda881623ef514d9", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: November 10, 2020", "description": "# Description of the security update for Office Online Server: November 10,\n2020\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see [Microsoft Common\nVulnerabilities and Exposures\nCVE-2020-17064](https://portal.msrc.microsoft.com/en-US/security-\nguidance/advisory/CVE-2020-17064) and [Microsoft Common Vulnerabilities and\nExposures CVE-2020-17065](https://portal.msrc.microsoft.com/en-US/security-\nguidance/advisory/CVE-2020-17065). \n \n **Note** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486713)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4486713 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=866ab700-95d1-4a3d-8c02-fa1e656ef902)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: November 10, 2020](https://support.microsoft.com/en-\nus/help/20201110).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4486674](http://support.microsoft.com/kb/4486674).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4486713-fullfile-x64-glb.exe|\n739299592F65EB7FD1890808E97C3AF8430D9B4B|\n6C3166E5A7EE4E21F27D834FE23E31AABA1D33C7A77FDD5D7F2B0163B3C839D1 \n \nFile informationDownload [the list of files that are included in security\nupdate\n4486713](https://download.microsoft.com/download/c/2/1/c21fd18d-9452-4278-8e8f-8a50d82c0099/4486713.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2020-11-10T08:00:00", "modified": "2020-11-10T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486713", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17064", "CVE-2020-17065"], "immutableFields": [], "lastseen": "2021-08-01T10:09:25", "history": [], "viewCount": 23, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-17064", "CVE-2020-17065"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MSFT-CVE-2020-17065/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17064/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17065/"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_NOV_OFFICE_WEB.NASL", "SMB_NT_MS20_NOV_OFFICE.NASL", "SMB_NT_MS20_NOV_EXCEL.NASL"]}, {"type": "mskb", "idList": ["KB4486743", "KB4486725", "KB4486722", "KB4486718", "KB4486737", "KB4486727", "KB4486734"]}, {"type": "mscve", "idList": ["MS:CVE-2020-17064", "MS:CVE-2020-17065"]}, {"type": "avleonov", "idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"]}], "modified": "2021-08-01T10:09:25", "rev": 2}, "score": {"value": 4.1, "vector": "NONE", "modified": "2021-08-01T10:09:25", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4486713", "msrc": "", "mscve": "CVE-2020-17064", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484254", "KB4011027", "KB4484451", "KB4484223", "KB4475595", "KB4461633", "KB4484141", "KB4484290", "KB4462169", "KB4486674", "KB4475528", "KB4484503", "KB4484270", "KB4484470", "KB4475511"], "parentseeds": ["KB4493229", "KB5001914", "KB4504714", "KB4493192", "KB4486750", "KB5001943", "KB5001973", "KB4493160"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-01T10:09:25", "differentElements": ["description"], "edition": 6}, {"bulletin": {"id": "KB4486713", "hash": "140d05f24cc24cfdb5eee7901ed70f69", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: November 10, 2020", "description": "None\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see [Microsoft Common\nVulnerabilities and Exposures\nCVE-2020-17064](https://portal.msrc.microsoft.com/en-US/security-\nguidance/advisory/CVE-2020-17064) and [Microsoft Common Vulnerabilities and\nExposures CVE-2020-17065](https://portal.msrc.microsoft.com/en-US/security-\nguidance/advisory/CVE-2020-17065). \n \n **Note** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486713)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4486713 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=866ab700-95d1-4a3d-8c02-fa1e656ef902)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: November 10, 2020](https://support.microsoft.com/en-\nus/help/20201110).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4486674](http://support.microsoft.com/kb/4486674).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4486713-fullfile-x64-glb.exe|\n739299592F65EB7FD1890808E97C3AF8430D9B4B|\n6C3166E5A7EE4E21F27D834FE23E31AABA1D33C7A77FDD5D7F2B0163B3C839D1 \n \nFile informationDownload [the list of files that are included in security\nupdate\n4486713](https://download.microsoft.com/download/c/2/1/c21fd18d-9452-4278-8e8f-8a50d82c0099/4486713.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2020-11-10T08:00:00", "modified": "2020-11-10T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486713", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17065", "CVE-2020-17064"], "immutableFields": [], "lastseen": "2021-08-12T23:33:59", "history": [], "viewCount": 23, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-17064", "CVE-2020-17065"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MSFT-CVE-2020-17065/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17065/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17064/"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_NOV_EXCEL.NASL", "SMB_NT_MS20_NOV_OFFICE_WEB.NASL", "SMB_NT_MS20_NOV_OFFICE.NASL"]}, {"type": "mskb", "idList": ["KB4486725", "KB4486727", "KB4486737", "KB4486743", "KB4486734", "KB4486722", "KB4486718"]}, {"type": "mscve", "idList": ["MS:CVE-2020-17065", "MS:CVE-2020-17064"]}, {"type": "kaspersky", "idList": ["KLA12002"]}, {"type": "avleonov", "idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"]}], "modified": "2021-08-12T23:33:59", "rev": 2}, "score": {"value": 4.2, "vector": "NONE", "modified": "2021-08-12T23:33:59", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4486713", "msrc": "", "mscve": "CVE-2020-17064", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4011027", "KB4484223", "KB4484451", "KB4486674", "KB4484141", "KB4475595", "KB4484290", "KB4484470", "KB4475511", "KB4484270", "KB4461633", "KB4462169", "KB4484503", "KB4484254", "KB4475528"], "parentseeds": ["KB5001914", "KB4504714", "KB4493229", "KB4493160", "KB4486750", "KB4493192", "KB5001973", "KB5001943"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-12T23:33:59", "differentElements": ["cvelist", "cvss", "cvss2", "description", "title"], "edition": 7}, {"bulletin": {"id": "KB4486713", "hash": "5906d0dfc73e9942d5039fa092838f9c", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2020-11-10", "description": "", "published": "2020-11-10T08:00:00", "modified": "2020-11-10T08:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486713", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17064"], "immutableFields": [], "lastseen": "2021-08-28T09:34:09", "history": [], "viewCount": 23, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-17064"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17065/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17064/"]}, {"type": "mskb", "idList": ["KB4486725", "KB4486722", "KB4486737", "KB4486727"]}, {"type": "mscve", "idList": ["MS:CVE-2020-17064"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_NOV_OFFICE_WEB.NASL", "SMB_NT_MS20_NOV_EXCEL.NASL", "SMB_NT_MS20_NOV_OFFICE.NASL"]}, {"type": "kaspersky", "idList": ["KLA12002"]}, {"type": "avleonov", "idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"]}], "modified": "2021-08-28T09:34:09", "rev": 2}, "score": {"value": 4.7, "vector": "NONE", "modified": "2021-08-28T09:34:09", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4486713", "msrc": "", "mscve": "CVE-2020-17064", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484254", "KB4461633", "KB4011027", "KB4484503", "KB4475528", "KB4484470", "KB4475595", "KB4484141", "KB4484290", "KB4475511", "KB4484270", "KB4484223", "KB4462169", "KB4486674", "KB4484451"], "parentseeds": ["KB4493229", "KB5001973", "KB4504714", "KB4493160", "KB4486750", "KB4493192", "KB5001943", "KB5001914"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-28T09:34:09", "differentElements": ["cvelist", "cvss", "cvss2", "description", "title"], "edition": 8}, {"bulletin": {"id": "KB4486713", "hash": "140d05f24cc24cfdb5eee7901ed70f69", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: November 10, 2020", "description": "None\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see [Microsoft Common\nVulnerabilities and Exposures\nCVE-2020-17064](https://portal.msrc.microsoft.com/en-US/security-\nguidance/advisory/CVE-2020-17064) and [Microsoft Common Vulnerabilities and\nExposures CVE-2020-17065](https://portal.msrc.microsoft.com/en-US/security-\nguidance/advisory/CVE-2020-17065). \n \n **Note** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486713)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4486713 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=866ab700-95d1-4a3d-8c02-fa1e656ef902)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: November 10, 2020](https://support.microsoft.com/en-\nus/help/20201110).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4486674](http://support.microsoft.com/kb/4486674).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4486713-fullfile-x64-glb.exe|\n739299592F65EB7FD1890808E97C3AF8430D9B4B|\n6C3166E5A7EE4E21F27D834FE23E31AABA1D33C7A77FDD5D7F2B0163B3C839D1 \n \nFile informationDownload [the list of files that are included in security\nupdate\n4486713](https://download.microsoft.com/download/c/2/1/c21fd18d-9452-4278-8e8f-8a50d82c0099/4486713.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2020-11-10T08:00:00", "modified": "2020-11-10T08:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486713", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-17065", "CVE-2020-17064"], "immutableFields": [], "lastseen": "2021-09-06T10:39:31", "history": [], "viewCount": 23, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-17065", "CVE-2020-17064"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MSFT-CVE-2020-17065/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17064/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17065/"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_NOV_EXCEL.NASL", "SMB_NT_MS20_NOV_OFFICE_WEB.NASL", "SMB_NT_MS20_NOV_OFFICE.NASL"]}, {"type": "mskb", "idList": ["KB4486725", "KB4486743", "KB4486718", "KB4486737", "KB4486727", "KB4486734", "KB4486722"]}, {"type": "mscve", "idList": ["MS:CVE-2020-17064", "MS:CVE-2020-17065"]}, {"type": "kaspersky", "idList": ["KLA12002"]}, {"type": "avleonov", "idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"]}], "modified": "2021-09-06T10:39:31", "rev": 2}, "score": {"value": 4.2, "vector": "NONE", "modified": "2021-09-06T10:39:31", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4486713", "msrc": "", "mscve": "CVE-2020-17064", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4486674", "KB4011027", "KB4461633", "KB4462169", "KB4475511", "KB4484451", "KB4475595", "KB4484290", "KB4484270", "KB4484141", "KB4475528", "KB4484503", "KB4484254", "KB4484223", "KB4484470"], "parentseeds": ["KB4486750", "KB5001943", "KB5001973", "KB4493160", "KB4493192", "KB5001914", "KB4504714", "KB4493229"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-09-06T10:39:31", "differentElements": ["parentseeds"], "edition": 9}], "viewCount": 23, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-17065", "CVE-2020-17064"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17065/", "MSF:ILITIES/MSFT-CVE-2020-17065/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-17064/"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_NOV_OFFICE_WEB.NASL", "SMB_NT_MS20_NOV_EXCEL.NASL", "SMB_NT_MS20_NOV_OFFICE.NASL"]}, {"type": "mskb", "idList": ["KB4486718", "KB4486727", "KB4486722", "KB4486725", "KB4486737", "KB4486743", "KB4486734"]}, {"type": "mscve", "idList": ["MS:CVE-2020-17064", "MS:CVE-2020-17065"]}, {"type": "kaspersky", "idList": ["KLA12002"]}, {"type": "avleonov", "idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"]}], "modified": "2021-09-15T19:55:45", "rev": 2}, "score": {"value": 4.2, "vector": "NONE", "modified": "2021-09-15T19:55:45", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4486713", "msrc": "", "mscve": "CVE-2020-17064", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4486674", "KB4484270", "KB4462169", "KB4484290", "KB4484503", "KB4484470", "KB4484451", "KB4475528", "KB4484141", "KB4461633", "KB4011027", "KB4475595", "KB4484223", "KB4484254", "KB4475511"], "parentseeds": ["KB4493229", "KB4486750", "KB4493192", "KB5001999", "KB5001914", "KB5001943", "KB5001973", "KB4504714", "KB4493160"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": [], "_object_type": "robots.models.microsoftKB.MicrosoftKBBulletin", "_object_types": ["robots.models.microsoftKB.MicrosoftKBBulletin", "robots.models.base.Bulletin"]}, {"id": "KB4486674", "hash": "10234655b3701c5fe7d6c4e2f946ea86", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: October 13, 2020", "description": "None\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see see the following security\nadvisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-16929](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16929)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-16931](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16931)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-16932](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16932)\n\n **Note** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486674)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4486674 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=7c89582a-36d9-4701-b0d6-73c3df7e6cef)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: October 13, 2020](https://support.microsoft.com/en-\nus/help/20201013).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4484503](http://support.microsoft.com/kb/4484503).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4486674-fullfile-x64-glb.exe|\n1D30E5EB4B9A9B4654E3F4E6137D7B83F68F7D4A|\nB39F6D186279D74B6A3CF8018E61341BC74FEE0D86F85B7E282B4A1156B0738D \n \nFile informationDownload [the list of files that are included in security\nupdate\n4486674](https://download.microsoft.com/download/c/0/3/c03443f1-a081-42a5-aa47-731636124aaf/4486674.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486674", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16931", "CVE-2020-16932", "CVE-2020-16929"], "immutableFields": [], "lastseen": "2021-09-15T19:54:52", "history": [{"bulletin": {"id": "KB4486674", "hash": "86c251a76d1296db1bf0317a69732489a8df77357e55495e812002d5419315ef", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: October 13, 2020", "description": "<html><body><p>Provides information about the Office Online Server security update 4486674 that was released on October 13, 2020.</p><h2>Summary</h2><div><p>This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see see the following security advisories:</p><ul><li><a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16929\" managed-link=\"\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-16929</a></li><li><a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16931\" managed-link=\"\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-16931</a></li><li><a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16932\" managed-link=\"\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-16932</a></li></ul><p><strong>Note</strong> To apply this security update, you must have the release version of Microsoft Office Online Server installed on the computer.</p></div><h2>How to get and install the update</h2><h3>Method 1: Microsoft Update</h3><p>This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"_blank\">Windows Update: FAQ</a>.</p><h3>Method 2: Microsoft Update Catalog</h3><p>To get the standalone package for this update, go to the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486674\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a> website.</p><h3>Method 3: Microsoft Download Center</h3><p>You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.</p><ul linespacing=\"1\" style=\"list-style-type:UnorderedBullets\" type=\"UnorderedBullets\"><li><span asset=\"4009805\" contenteditable=\"false\" props='{\"size\":\"full\"}' unselectable=\"on\">4009805</span><a bookmark-id=\"\" data-content-id=\"\" href=\"http://www.microsoft.com/download/details.aspx?familyid=7c89582a-36d9-4701-b0d6-73c3df7e6cef\" managed-link=\"\">Download security update 4486674 for the 64-bit version of Office Online Server</a></li></ul><h2>More information</h2><h3>Security update deployment information</h3><p>For deployment information about this update, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/20201013\" managed-link=\"\" target=\"_blank\">security update deployment information: October 13, 2020</a>.</p><h3>Security update replacement information</h3><p>This security update replaces previously released security update <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4484503\" managed-link=\"\" target=\"_blank\">4484503</a>.</p><h3>File hash information</h3><table class=\"table\"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>wacserver2019-kb4486674-fullfile-x64-glb.exe</td><td>1D30E5EB4B9A9B4654E3F4E6137D7B83F68F7D4A</td><td>B39F6D186279D74B6A3CF8018E61341BC74FEE0D86F85B7E282B4A1156B0738D</td></tr></tbody></table><h3><br/>File information</h3><p>Download <a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/c/0/3/c03443f1-a081-42a5-aa47-731636124aaf/4486674.csv\" managed-link=\"\" target=\"_blank\">the list of files that are included in security update 4486674</a>.</p><h2>Information about protection and security</h2><p>Protect yourself online: <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/hub/4099151\" managed-link=\"\" target=\"_blank\">Windows Security support</a></p><p>Learn how we guard against cyber threats: <a href=\"https://www.microsoft.com/security\" managed-link=\"\" target=\"_blank\">Microsoft Security</a></p></body></html>", "published": "2020-10-11T23:12:14", "modified": "2020-10-13T17:17:22", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4486674/", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16932", "CVE-2020-16929", "CVE-2020-16931"], "immutableFields": [], "lastseen": "2020-12-30T19:00:50", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-12-30T19:00:50", "references": [{"idList": ["SMB_NT_MS20_OCT_OFFICE.NASL", "SMB_NT_MS20_OCT_OFFICE_WEB.NASL", "SMB_NT_MS20_OCT_EXCEL.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2010.NASL", "MACOS_MS20_OCT_OFFICE.NASL"], "type": "nessus"}, {"idList": ["ZDI-20-1253", "ZDI-20-1255", "ZDI-20-1251"], "type": "zdi"}, {"idList": ["KB4486682", "KB4486700", "KB4486688", "KB4462175", "KB4486695", "KB4486687", "KB4486707", "KB4484531", "KB4486689", "KB4486678"], "type": "mskb"}, {"idList": ["MS:CVE-2020-16932", "MS:CVE-2020-16931", "MS:CVE-2020-16929"], "type": "mscve"}, {"idList": ["CVE-2020-16932", "CVE-2020-16929", "CVE-2020-16931"], "type": "cve"}, {"idList": ["KLA11976"], "type": "kaspersky"}], "rev": 2}, "score": {"modified": "2020-12-30T19:00:50", "rev": 2, "value": 5.7, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB4486674", "msrc": "", "mscve": "", "msplatform": "", "msfamily": "", "msimpact": "", "msseverity": "", "superseeds": ["KB4462169", "KB4461633", "KB4475511", "KB4484503", "KB4475595", "KB4484451", "KB4484223", "KB4484470", "KB4475528", "KB4484270", "KB4484141", "KB4484290", "KB4484254"], "parentseeds": ["KB4486750", "KB4486713"], "msproducts": ["17874"], "supportAreaPaths": ["63f5ad6b-0eff-3e0a-5792-1c675509fb3f"], "supportAreaPathNodes": [{"id": "63f5ad6b-0eff-3e0a-5792-1c675509fb3f", "name": "Office Online Server", "parent": "90bedbeb-782d-7b46-9f4f-721cc5d647d6", "tree": [], "type": "productname"}], "primarySupportAreaPath": [{"id": "90bedbeb-782d-7b46-9f4f-721cc5d647d6", "name": "Servers", "tree": [], "type": "productfamily"}, {"id": "63f5ad6b-0eff-3e0a-5792-1c675509fb3f", "name": "Office Online Server", "parent": "90bedbeb-782d-7b46-9f4f-721cc5d647d6", "tree": [], "type": "productname"}]}, "lastseen": "2020-12-30T19:00:50", "differentElements": ["published"], "edition": 1}, {"bulletin": {"id": "KB4486674", "hash": "f7be49b8c37ee682211f5165ed878583", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: October 13, 2020", "description": "<html><body><p>Provides information about the Office Online Server security update 4486674 that was released on October 13, 2020.</p><h2>Summary</h2><div><p>This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see see the following security advisories:</p><ul><li><a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16929\" managed-link=\"\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-16929</a></li><li><a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16931\" managed-link=\"\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-16931</a></li><li><a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16932\" managed-link=\"\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2020-16932</a></li></ul><p><strong>Note</strong> To apply this security update, you must have the release version of Microsoft Office Online Server installed on the computer.</p></div><h2>How to get and install the update</h2><h3>Method 1: Microsoft Update</h3><p>This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"_blank\">Windows Update: FAQ</a>.</p><h3>Method 2: Microsoft Update Catalog</h3><p>To get the standalone package for this update, go to the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486674\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a> website.</p><h3>Method 3: Microsoft Download Center</h3><p>You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.</p><ul linespacing=\"1\" style=\"list-style-type:UnorderedBullets\" type=\"UnorderedBullets\"><li><span asset=\"4009805\" contenteditable=\"false\" props='{\"size\":\"full\"}' unselectable=\"on\">4009805</span><a bookmark-id=\"\" data-content-id=\"\" href=\"http://www.microsoft.com/download/details.aspx?familyid=7c89582a-36d9-4701-b0d6-73c3df7e6cef\" managed-link=\"\">Download security update 4486674 for the 64-bit version of Office Online Server</a></li></ul><h2>More information</h2><h3>Security update deployment information</h3><p>For deployment information about this update, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/20201013\" managed-link=\"\" target=\"_blank\">security update deployment information: October 13, 2020</a>.</p><h3>Security update replacement information</h3><p>This security update replaces previously released security update <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4484503\" managed-link=\"\" target=\"_blank\">4484503</a>.</p><h3>File hash information</h3><table class=\"table\"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>wacserver2019-kb4486674-fullfile-x64-glb.exe</td><td>1D30E5EB4B9A9B4654E3F4E6137D7B83F68F7D4A</td><td>B39F6D186279D74B6A3CF8018E61341BC74FEE0D86F85B7E282B4A1156B0738D</td></tr></tbody></table><h3><br/>File information</h3><p>Download <a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/c/0/3/c03443f1-a081-42a5-aa47-731636124aaf/4486674.csv\" managed-link=\"\" target=\"_blank\">the list of files that are included in security update 4486674</a>.</p><h2>Information about protection and security</h2><p>Protect yourself online: <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/hub/4099151\" managed-link=\"\" target=\"_blank\">Windows Security support</a></p><p>Learn how we guard against cyber threats: <a href=\"https://www.microsoft.com/security\" managed-link=\"\" target=\"_blank\">Microsoft Security</a></p></body></html>", "published": "2020-10-13T00:00:00", "modified": "2020-10-13T17:17:22", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4486674/", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16932", "CVE-2020-16929", "CVE-2020-16931"], "immutableFields": [], "lastseen": "2021-01-01T22:51:13", "history": [], "viewCount": 19, "enchantments": {"dependencies": {"modified": "2021-01-01T22:51:13", "references": [{"idList": ["SMB_NT_MS20_OCT_OFFICE.NASL", "SMB_NT_MS20_OCT_OFFICE_WEB.NASL", "SMB_NT_MS20_OCT_EXCEL.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2010.NASL", "MACOS_MS20_OCT_OFFICE.NASL"], "type": "nessus"}, {"idList": ["ZDI-20-1253", "ZDI-20-1255", "ZDI-20-1251"], "type": "zdi"}, {"idList": ["KB4486682", "KB4486700", "KB4486688", "KB4462175", "KB4486695", "KB4486687", "KB4486707", "KB4484531", "KB4486689", "KB4486678"], "type": "mskb"}, {"idList": ["MS:CVE-2020-16932", "MS:CVE-2020-16931", "MS:CVE-2020-16929"], "type": "mscve"}, {"idList": ["CVE-2020-16932", "CVE-2020-16929", "CVE-2020-16931"], "type": "cve"}, {"idList": ["KLA11976"], "type": "kaspersky"}], "rev": 2}, "score": {"modified": "2021-01-01T22:51:13", "rev": 2, "value": 5.7, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB4486674", "msrc": "", "mscve": "", "msplatform": "", "msfamily": "", "msimpact": "", "msseverity": "", "superseeds": ["KB4462169", "KB4461633", "KB4475511", "KB4484503", "KB4475595", "KB4484451", "KB4484223", "KB4484470", "KB4475528", "KB4484270", "KB4484141", "KB4484290", "KB4484254"], "parentseeds": ["KB4486750", "KB4486713"], "msproducts": ["17874"], "supportAreaPaths": ["63f5ad6b-0eff-3e0a-5792-1c675509fb3f"], "supportAreaPathNodes": [{"id": "63f5ad6b-0eff-3e0a-5792-1c675509fb3f", "name": "Office Online Server", "parent": "90bedbeb-782d-7b46-9f4f-721cc5d647d6", "tree": [], "type": "productname"}], "primarySupportAreaPath": [{"id": "90bedbeb-782d-7b46-9f4f-721cc5d647d6", "name": "Servers", "tree": [], "type": "productfamily"}, {"id": "63f5ad6b-0eff-3e0a-5792-1c675509fb3f", "name": "Office Online Server", "parent": "90bedbeb-782d-7b46-9f4f-721cc5d647d6", "tree": [], "type": "productname"}]}, "lastseen": "2021-01-01T22:51:13", "differentElements": ["description", "href", "modified", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "parentseeds", "primarySupportAreaPath", "published", "superseeds", "supportAreaPathNodes", "supportAreaPaths"], "edition": 2}, {"bulletin": {"id": "KB4486674", "hash": "e91d69510eb24127cd2b66310a01a4ca", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: October 13, 2020", "description": "# Description of the security update for Office Online Server: October 13,\n2020\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see see the following security\nadvisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-16929](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16929)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-16931](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16931)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-16932](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16932)\n\n **Note** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486674)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4486674 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=7c89582a-36d9-4701-b0d6-73c3df7e6cef)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: October 13, 2020](https://support.microsoft.com/en-\nus/help/20201013).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4484503](http://support.microsoft.com/kb/4484503).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4486674-fullfile-x64-glb.exe|\n1D30E5EB4B9A9B4654E3F4E6137D7B83F68F7D4A|\nB39F6D186279D74B6A3CF8018E61341BC74FEE0D86F85B7E282B4A1156B0738D \n \nFile informationDownload [the list of files that are included in security\nupdate\n4486674](https://download.microsoft.com/download/c/0/3/c03443f1-a081-42a5-aa47-731636124aaf/4486674.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4486674", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16932", "CVE-2020-16929", "CVE-2020-16931"], "immutableFields": [], "lastseen": "2021-07-24T23:40:21", "history": [], "viewCount": 19, "enchantments": {"dependencies": {"modified": "2021-07-24T23:40:21", "references": [{"idList": ["SMB_NT_MS20_OCT_OFFICE.NASL", "SMB_NT_MS20_OCT_OFFICE_WEB.NASL", "SMB_NT_MS20_OCT_EXCEL.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2010.NASL", "MACOS_MS20_OCT_OFFICE.NASL"], "type": "nessus"}, {"idList": ["ZDI-20-1253", "ZDI-20-1255", "ZDI-20-1251"], "type": "zdi"}, {"idList": ["KB4486682", "KB4486700", "KB4486688", "KB4462175", "KB4486695", "KB4486687", "KB4486707", "KB4484531", "KB4486689", "KB4486678"], "type": "mskb"}, {"idList": ["MS:CVE-2020-16932", "MS:CVE-2020-16931", "MS:CVE-2020-16929"], "type": "mscve"}, {"idList": ["CVE-2020-16932", "CVE-2020-16929", "CVE-2020-16931"], "type": "cve"}, {"idList": ["KLA11976"], "type": "kaspersky"}], "rev": 2}, "score": {"modified": "2021-07-24T23:40:21", "rev": 2, "value": 5.4, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "KB4486674", "msrc": "", "mscve": "CVE-2020-16929", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4462169", "KB4461633", "KB4475511", "KB4484503", "KB4475595", "KB4484451", "KB4011027", "KB4484223", "KB4484470", "KB4475528", "KB4484270", "KB4484141", "KB4484290", "KB4484254"], "parentseeds": ["KB5001943", "KB4493160", "KB5001973", "KB4486750", "KB4486713", "KB4504714", "KB4493229", "KB5001914", "KB4493192"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-24T23:40:21", "differentElements": ["cvelist", "cvss2", "cvss3", "description", "title"], "edition": 3}, {"bulletin": {"id": "KB4486674", "hash": "21bee07cbc20109d5ef6792a61fad7ea2c585762411b050b4bf91aedbce3e62f", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2020-10-13", "description": "", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486674", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16929"], "immutableFields": [], "lastseen": "2021-07-27T10:12:51", "history": [], "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16929"]}, {"type": "zdi", "idList": ["ZDI-20-1251"]}, {"type": "mskb", "idList": ["KB4462175", "KB4486688", "KB4486695", "KB4486689", "KB4486678", "KB4486700", "KB4486687", "KB4486707", "KB4484531"]}, {"type": "mscve", "idList": ["MS:CVE-2020-16929"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_OCT_EXCEL.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2010.NASL", "SMB_NT_MS20_OCT_OFFICE.NASL", "SMB_NT_MS20_OCT_OFFICE_WEB.NASL", "MACOS_MS20_OCT_OFFICE.NASL"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-07-27T10:12:51", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-07-27T10:12:51", "rev": 2}}, "objectVersion": "1.5", "kb": "KB4486674", "msrc": "", "mscve": "CVE-2020-16929", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4475595", "KB4484141", "KB4484290", "KB4462169", "KB4461633", "KB4475528", "KB4011027", "KB4484470", "KB4484223", "KB4484254", "KB4484451", "KB4484270", "KB4475511", "KB4484503"], "parentseeds": ["KB4493229", "KB4504714", "KB4486750", "KB4493160", "KB5001943", "KB4493192", "KB5001914", "KB5001973", "KB4486713"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-27T10:12:51", "differentElements": ["cvss2", "cvss3", "kb", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "parentseeds", "superseeds"], "edition": 4}, {"bulletin": {"id": "KB4486674", "hash": "2887f7c72e879658eba23e93dc7fbca33d9986172dbc1fda4132438ba4b98fee", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2020-10-13", "description": "", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://support.microsoft.com/en-us/help/4486674", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16929"], "immutableFields": [], "lastseen": "2021-07-27T10:12:51", "history": [], "viewCount": 19, "enchantments": {"dependencies": {"modified": "2021-07-27T10:12:51", "references": [{"idList": ["SMB_NT_MS20_OCT_OFFICE.NASL", "SMB_NT_MS20_OCT_OFFICE_WEB.NASL", "SMB_NT_MS20_OCT_EXCEL.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2010.NASL", "MACOS_MS20_OCT_OFFICE.NASL"], "type": "nessus"}, {"idList": ["KB4486700", "KB4486688", "KB4462175", "KB4486695", "KB4486687", "KB4486707", "KB4484531", "KB4486689", "KB4486678"], "type": "mskb"}, {"idList": ["CVE-2020-16929"], "type": "cve"}, {"idList": ["MS:CVE-2020-16929"], "type": "mscve"}, {"idList": ["ZDI-20-1251"], "type": "zdi"}, {"idList": ["KLA11976"], "type": "kaspersky"}], "rev": 2}, "score": {"modified": "2021-07-27T10:12:51", "rev": 2, "value": 6.4, "vector": "NONE"}}, "objectVersion": "1.5", "kb": "", "msrc": "", "mscve": "", "msplatform": "", "msfamily": "", "msimpact": "", "msseverity": "", "superseeds": [], "parentseeds": [], "msproducts": [], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-07-27T10:12:51", "differentElements": ["cvelist", "cvss2", "cvss3", "description", "kb", "mscve", "msfamily", "msimpact", "msproducts", "msseverity", "parentseeds", "superseeds", "title"], "edition": 5}, {"bulletin": {"id": "KB4486674", "hash": "487bf745fefeda02cc25afeeb0f63197", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: October 13, 2020", "description": "# Description of the security update for Office Online Server: October 13,\n2020\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see see the following security\nadvisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-16929](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16929)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-16931](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16931)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-16932](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16932)\n\n **Note** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486674)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4486674 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=7c89582a-36d9-4701-b0d6-73c3df7e6cef)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: October 13, 2020](https://support.microsoft.com/en-\nus/help/20201013).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4484503](http://support.microsoft.com/kb/4484503).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4486674-fullfile-x64-glb.exe|\n1D30E5EB4B9A9B4654E3F4E6137D7B83F68F7D4A|\nB39F6D186279D74B6A3CF8018E61341BC74FEE0D86F85B7E282B4A1156B0738D \n \nFile informationDownload [the list of files that are included in security\nupdate\n4486674](https://download.microsoft.com/download/c/0/3/c03443f1-a081-42a5-aa47-731636124aaf/4486674.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486674", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16929", "CVE-2020-16931", "CVE-2020-16932"], "immutableFields": [], "lastseen": "2021-08-01T10:08:59", "history": [], "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16931", "CVE-2020-16932", "CVE-2020-16929"]}, {"type": "mskb", "idList": ["KB4486682", "KB4486678", "KB4462175", "KB4486688", "KB4486689", "KB4486687", "KB4486700", "KB4484531", "KB4486707", "KB4486695"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_112738", "WEB_APPLICATION_SCANNING_112737", "SMB_NT_MS20_OCT_EXCEL.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2010.NASL", "MACOS_MS20_OCT_OFFICE.NASL", "WEB_APPLICATION_SCANNING_112740", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS20_OCT_OFFICE.NASL", "SMB_NT_MS20_OCT_OFFICE_WEB.NASL", "WEB_APPLICATION_SCANNING_112739"]}, {"type": "zdi", "idList": ["ZDI-20-1253", "ZDI-20-1255", "ZDI-20-1251"]}, {"type": "mscve", "idList": ["MS:CVE-2020-16932", "MS:CVE-2020-16931", "MS:CVE-2020-16929"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-08-01T10:08:59", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-08-01T10:08:59", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4486674", "msrc": "", "mscve": "CVE-2020-16929", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484254", "KB4011027", "KB4484451", "KB4484223", "KB4475595", "KB4461633", "KB4484141", "KB4484290", "KB4462169", "KB4475528", "KB4484503", "KB4484270", "KB4484470", "KB4475511"], "parentseeds": ["KB4493229", "KB5001914", "KB4504714", "KB4493192", "KB4486750", "KB4486713", "KB5001943", "KB5001973", "KB4493160"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-01T10:08:59", "differentElements": ["description"], "edition": 6}, {"bulletin": {"id": "KB4486674", "hash": "83bdf44a46a5d58fa38557b347256553", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: October 13, 2020", "description": "None\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see see the following security\nadvisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-16929](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16929)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-16931](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16931)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-16932](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16932)\n\n **Note** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486674)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4486674 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=7c89582a-36d9-4701-b0d6-73c3df7e6cef)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: October 13, 2020](https://support.microsoft.com/en-\nus/help/20201013).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4484503](http://support.microsoft.com/kb/4484503).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4486674-fullfile-x64-glb.exe|\n1D30E5EB4B9A9B4654E3F4E6137D7B83F68F7D4A|\nB39F6D186279D74B6A3CF8018E61341BC74FEE0D86F85B7E282B4A1156B0738D \n \nFile informationDownload [the list of files that are included in security\nupdate\n4486674](https://download.microsoft.com/download/c/0/3/c03443f1-a081-42a5-aa47-731636124aaf/4486674.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486674", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16931", "CVE-2020-16929", "CVE-2020-16932"], "immutableFields": [], "lastseen": "2021-08-12T23:33:29", "history": [], "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16932", "CVE-2020-16929", "CVE-2020-16931"]}, {"type": "mskb", "idList": ["KB4462175", "KB4484531", "KB4486688", "KB4486707", "KB4486695", "KB4486687", "KB4486682", "KB4486700", "KB4486678", "KB4486689"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_OCT_EXCEL.NASL", "WEB_APPLICATION_SCANNING_112739", "WEB_APPLICATION_SCANNING_112738", "SMB_NT_MS20_OCT_OFFICE.NASL", "WEB_APPLICATION_SCANNING_112737", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2010.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS20_OCT_OFFICE_WEB.NASL", "MACOS_MS20_OCT_OFFICE.NASL", "WEB_APPLICATION_SCANNING_112740"]}, {"type": "zdi", "idList": ["ZDI-20-1253", "ZDI-20-1255", "ZDI-20-1251"]}, {"type": "mscve", "idList": ["MS:CVE-2020-16929", "MS:CVE-2020-16931", "MS:CVE-2020-16932"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-08-12T23:33:29", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-08-12T23:33:29", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4486674", "msrc": "", "mscve": "CVE-2020-16929", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4011027", "KB4484223", "KB4484451", "KB4484141", "KB4475595", "KB4484290", "KB4484470", "KB4475511", "KB4484270", "KB4461633", "KB4462169", "KB4484503", "KB4484254", "KB4475528"], "parentseeds": ["KB5001914", "KB4486713", "KB4504714", "KB4493229", "KB4493160", "KB4486750", "KB4493192", "KB5001973", "KB5001943"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-12T23:33:29", "differentElements": ["cvelist", "description", "title"], "edition": 7}, {"bulletin": {"id": "KB4486674", "hash": "5080fad3deedef5ef525b3bf09b35467", "type": "mskb", "bulletinFamily": "microsoft", "title": "Security update 2020-10-13", "description": "", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486674", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16929"], "immutableFields": [], "lastseen": "2021-08-28T09:34:03", "history": [], "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16929"]}, {"type": "zdi", "idList": ["ZDI-20-1251"]}, {"type": "mskb", "idList": ["KB4462175", "KB4486707", "KB4486678", "KB4486695", "KB4486688", "KB4486689", "KB4486700", "KB4486687", "KB4484531"]}, {"type": "mscve", "idList": ["MS:CVE-2020-16929"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2010.NASL", "SMB_NT_MS20_OCT_EXCEL.NASL", "WEB_APPLICATION_SCANNING_112738", "WEB_APPLICATION_SCANNING_112739", "WEB_APPLICATION_SCANNING_112740", "WEB_APPLICATION_SCANNING_112737", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2013.NASL", "MACOS_MS20_OCT_OFFICE.NASL", "SMB_NT_MS20_OCT_OFFICE_WEB.NASL", "SMB_NT_MS20_OCT_OFFICE.NASL"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-08-28T09:34:03", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-08-28T09:34:03", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4486674", "msrc": "", "mscve": "CVE-2020-16929", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484254", "KB4461633", "KB4011027", "KB4484503", "KB4475528", "KB4484470", "KB4475595", "KB4484141", "KB4484290", "KB4462169", "KB4475511", "KB4484223", "KB4484270", "KB4484451"], "parentseeds": ["KB4493229", "KB5001973", "KB4504714", "KB4486713", "KB4493160", "KB4486750", "KB4493192", "KB5001943", "KB5001914"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-08-28T09:34:03", "differentElements": ["cvelist", "description", "title"], "edition": 8}, {"bulletin": {"id": "KB4486674", "hash": "83bdf44a46a5d58fa38557b347256553", "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office Online Server: October 13, 2020", "description": "None\n\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could\nallow remote code execution if a user opens a specially crafted Office file.\nTo learn more about these vulnerabilities, see see the following security\nadvisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-16929](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16929)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-16931](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16931)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2020-16932](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16932)\n\n **Note** To apply this security update, you must have the release version of\nMicrosoft Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/en-us/help/12373/windows-update-\nfaq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4486674)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download security update 4486674 for the 64-bit version of Office Online Server](http://www.microsoft.com/download/details.aspx?familyid=7c89582a-36d9-4701-b0d6-73c3df7e6cef)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment\ninformation: October 13, 2020](https://support.microsoft.com/en-\nus/help/20201013).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4484503](http://support.microsoft.com/kb/4484503).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nwacserver2019-kb4486674-fullfile-x64-glb.exe|\n1D30E5EB4B9A9B4654E3F4E6137D7B83F68F7D4A|\nB39F6D186279D74B6A3CF8018E61341BC74FEE0D86F85B7E282B4A1156B0738D \n \nFile informationDownload [the list of files that are included in security\nupdate\n4486674](https://download.microsoft.com/download/c/0/3/c03443f1-a081-42a5-aa47-731636124aaf/4486674.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/4486674", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16931", "CVE-2020-16932", "CVE-2020-16929"], "immutableFields": [], "lastseen": "2021-09-06T10:38:57", "history": [], "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16931", "CVE-2020-16932", "CVE-2020-16929"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_OCT_OFFICE.NASL", "WEB_APPLICATION_SCANNING_112738", "MACOS_MS20_OCT_OFFICE.NASL", "SMB_NT_MS20_OCT_EXCEL.NASL", "WEB_APPLICATION_SCANNING_112739", "SMB_NT_MS20_OCT_OFFICE_WEB.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2013.NASL", "WEB_APPLICATION_SCANNING_112737", "WEB_APPLICATION_SCANNING_112740", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2010.NASL"]}, {"type": "mskb", "idList": ["KB4486700", "KB4486689", "KB4486688", "KB4486707", "KB4484531", "KB4486687", "KB4486682", "KB4486678", "KB4462175", "KB4486695"]}, {"type": "zdi", "idList": ["ZDI-20-1255", "ZDI-20-1251", "ZDI-20-1253"]}, {"type": "mscve", "idList": ["MS:CVE-2020-16929", "MS:CVE-2020-16931", "MS:CVE-2020-16932"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-06T10:38:57", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-09-06T10:38:57", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4486674", "msrc": "", "mscve": "CVE-2020-16929", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4011027", "KB4461633", "KB4462169", "KB4475511", "KB4484451", "KB4475595", "KB4484290", "KB4484270", "KB4484141", "KB4475528", "KB4484254", "KB4484503", "KB4484223", "KB4484470"], "parentseeds": ["KB4486750", "KB4486713", "KB5001943", "KB5001973", "KB4493160", "KB4493192", "KB5001914", "KB4504714", "KB4493229"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}, "lastseen": "2021-09-06T10:38:57", "differentElements": ["parentseeds"], "edition": 9}], "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16929", "CVE-2020-16932", "CVE-2020-16931"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2013.NASL", "MACOS_MS20_OCT_OFFICE.NASL", "SMB_NT_MS20_OCT_OFFICE.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2010.NASL", "WEB_APPLICATION_SCANNING_112740", "SMB_NT_MS20_OCT_OFFICE_WEB.NASL", "SMB_NT_MS20_OCT_EXCEL.NASL", "WEB_APPLICATION_SCANNING_112739", "WEB_APPLICATION_SCANNING_112738", "WEB_APPLICATION_SCANNING_112737"]}, {"type": "mskb", "idList": ["KB4486707", "KB4486688", "KB4486689", "KB4486695", "KB4486687", "KB4486700", "KB4484531", "KB4486678", "KB4486682", "KB4462175"]}, {"type": "zdi", "idList": ["ZDI-20-1251", "ZDI-20-1255", "ZDI-20-1253"]}, {"type": "mscve", "idList": ["MS:CVE-2020-16931", "MS:CVE-2020-16932", "MS:CVE-2020-16929"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-15T19:54:52", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-09-15T19:54:52", "rev": 2}}, "objectVersion": "1.6", "kb": "KB4486674", "msrc": "", "mscve": "CVE-2020-16929", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": ["KB4484270", "KB4462169", "KB4484290", "KB4484503", "KB4484470", "KB4484451", "KB4475528", "KB4484141", "KB4461633", "KB4011027", "KB4475595", "KB4484223", "KB4484254", "KB4475511"], "parentseeds": ["KB4493229", "KB4486750", "KB4493192", "KB5001999", "KB5001914", "KB5001943", "KB5001973", "KB4504714", "KB4493160", "KB4486713"], "msproducts": ["11605"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": [], "_object_type": "robots.models.microsoftKB.MicrosoftKBBulletin", "_object_types": ["robots.models.microsoftKB.MicrosoftKBBulletin", "robots.models.base.Bulletin"]}], "rst": [{"id": "RST:9B96CED7-F427-3A2C-986D-6D31706FCDE6", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 66.113.208.183", "description": "Found **66[.]113.208.183** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **7**.\n First seen: 2020-06-24T03:00:00, Last seen: 2020-12-17T03:00:00.\n IOC tags: **generic**.\nASN 15216: (First IP 66.113.208.0, Last IP 66.113.231.255).\nASN Name \"HOSTWAY\" and Organisation \"Hostway Corporation\".\nASN hosts 11605 domains.\nGEO IP information: City \"\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-21T00:00:00", "modified": "2020-06-24T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-17T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "1e1be461452c96b8a1baa02cfddc070b"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "a90239a0e232e6ead8769d0d0903d705"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "e1f48e147806d10e6da0f0d316330810"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "ce0f4660e675685625dfb3b748754533"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "0fdcae846bd393e008a3f2411ffe9909"}, {"key": "modified", "hash": "fd3b50b4e1478a504b3ea22d151cd89f"}, {"key": "published", "hash": "ca83b56a697d4c8e5d6fda6b67f10ec4"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "7918ebed2dab8358707b776746ae9624"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "79ec0aaa4428714f25beee10b0c988267d147a2a4660a0ac56c3a519ae0a6a53", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["66.113.208.183"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.16, "ioc_src": 56.12, "ioc_tags": 0.8, "ioc_total": 7.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "United States", "region": ""}, "asn": {"cloud": "", "domains": 11605, "firstip": {"netv4": "66.113.208.0", "num": "1114755072"}, "isp": "HOSTWAY", "lastip": {"netv4": "66.113.231.255", "num": "1114761215"}, "num": 15216, "org": "Hostway Corporation"}, "threat": []}, {"id": "RST:DC22FC3E-B2FA-378D-82FD-B9469BF1DD93", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 66.113.223.208", "description": "Found **66[.]113.223.208** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **43**.\n First seen: 2020-12-13T03:00:00, Last seen: 2020-12-15T03:00:00.\n IOC tags: **generic**.\nASN 15216: (First IP 66.113.208.0, Last IP 66.113.231.255).\nASN Name \"HOSTWAY\" and Organisation \"Hostway Corporation\".\nASN hosts 11605 domains.\nGEO IP information: City \"\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-21T00:00:00", "modified": "2020-12-13T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-15T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "1e1be461452c96b8a1baa02cfddc070b"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "f49153ce51159f30c3c3d629b30f9e80"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "e1f48e147806d10e6da0f0d316330810"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "a94a8c3d6ebd7d1a0055243c1b699a59"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "e19503d25ce436aec00e5ee0e1d07aa4"}, {"key": "modified", "hash": "23fea1c21467dc8d2fe5363a27d037ec"}, {"key": "published", "hash": "ca83b56a697d4c8e5d6fda6b67f10ec4"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "0f82174727fccdbbd6bf468521d59b0f"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "a396bf016750eb2fbc7847c022f591c52cc916c0d60972b5c7e91f7713c70b0a", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["66.113.223.208"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.96, "ioc_src": 56.12, "ioc_tags": 0.8, "ioc_total": 43.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "United States", "region": ""}, "asn": {"cloud": "", "domains": 11605, "firstip": {"netv4": "66.113.208.0", "num": "1114755072"}, "isp": "HOSTWAY", "lastip": {"netv4": "66.113.231.255", "num": "1114761215"}, "num": 15216, "org": "Hostway Corporation"}, "threat": []}], "akamaiblog": [{"id": "AKAMAIBLOG:0D53025012545B375375D5D53F442C25", "hash": "1370be53bc7f59390b337f4598504bdf", "type": "akamaiblog", "bulletinFamily": "blog", "title": "Using LL-HLS with byte-range addressing to achieve interoperability in low latency streaming", "description": "### Introduction\n\nHTTP Adaptive Segmented (HAS) streaming began to be used at scale from 2008 to 2012, with the advent of Move Networks, Microsoft Smooth Streaming, Apple HLS, Adobe HDS, and MPEG DASH. With the typical 10s segment durations of the day, livestream latencies (measuring latency as the time from an action being filmed to that same action being displayed on a device's screen) remained in the 30s to 60s range, trailing broadcast by a significant degree. Over the next decade, segment durations were reduced down to 2s, bringing with them a concomitant reduction in latency to the 8s to 16s range. That range remains the typical latency for many live events today. The year 2020 then brought the industry a pleasant surprise -- not one, but two HAS standards were released that target latency in the 2s range: Low Latency DASH (LL-DASH) and Low Latency HLS (LL-HLS). Both these standards were developed independently, and while they can be deployed as separate streams in a content delivery system, there are performance and cost gains to be had for packagers, origins, CDNs, and players if both streaming formats can be served by a single-set of media objects.\n\nThe HLS [specification](<https://tools.ietf.org/html/draft-pantos-hls-rfc8216bis-07>) was updated to describe version 10 of the streaming protocol. Among the many improvements, LL-HLS introduces the notion of partial segments (\"parts\"). Each part can be addressed discreetly via a unique URL, or optionally as a referenced byte-range into a media segment. The vast majority of early implementations have focused on the discreet part-addressing mode. However, range-based addressing brings with it several performance advantages, along with a path to interoperability with LL-DASH solutions and increased CDN efficiency. It also harbors some curious requirements for implementation across general purpose proxy caches. \n\nThis article will investigate the problems we can solve with range-based addressing, the requirements it brings to operate effectively, and the benefits we can gain by deploying it at scale. \n\n### Cache efficiency\n\nLet's start by examining cache efficiency at the edge when faced with a mixture of low latency and standard latency HLS and DASH clients, all playing the same content. Caching is the means by which CDNs scale up HTTP-adaptive streams. The more content can be cached, the better the performance and the lower the costs. If we imagine an LL-HLS stream with 4s segments and 1s parts, Figure 1 shows all the objects that will need to be cached at the edge within a 4s window. There are many of them! Some are larger than others and we can highlight this difference by scaling them graphically such that the area is proportional to the size. Figure 1 shows that the video segments take up the largest amount of space. \n\n[![LowLatencyBlog1_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog1_23Nov-thumb-700xauto-11559.png)](<https://blogs.akamai.com/LowLatencyBlog1_23Nov.png>)_Figure 1_\n\nNotice there is duplication in content between the parts (purple), which are consumed by a low latency client playing at the live edge, and the contiguous media segments (green), which are consumed by standard latency clients, or low latency clients scrubbing behind the live edge. If we were to add in the DASH footprint, we would see in Figure 2 that we have three silos of files, all holding the same media content, yet competing with one another for cache space. \n\n\n[![LowLatencyBlog2_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog2_23Nov-thumb-700xauto-11561.png)](<https://blogs.akamai.com/LowLatencyBlog2_23Nov.png>)_Figure 2_ \n\n\nOur goal is to reduce these down to a single silo. This will lower origin storage by a factor of 3 and also triple the cache efficiency for the CDN. This can be achieved through the use of byte-range addressing.\n\n### Byte-range addressing\n\nWithin an LL-HLS media playlist, a part is described discreetly using a unique URL for every part. For example\n\n#EXT-X-PART:DURATION=0.500,URI=\"segment1000-6.m4s\" \n\n\nThis same part can alternatively be described using the BYTERANGE syntax \n\n\n#EXT-X-PART:DURATION=0.500,URI=\"segment1000.m4s\",BYTERANGE=251022@2079557 \n\n\nwhich specifies the length and offset at which a part is located within a media segment. For PRELOAD HINT parts, for which the last-byte-position is not yet known, only the start of the byte range is signalled: \n\n\n#EXT-X-PRELOAD-HINT:TYPE=PART,URI=\"segment1000.m4s\",BYTERANGE-START=2005479 \n\n\nFigure 3 shows a discreet part playlist on the left, and it's byte-range-addressed equivalent on the right: \n\n\n[![LowLatencyBlog3_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog3_23Nov-thumb-700xauto-11563.png)](<https://blogs.akamai.com/LowLatencyBlog3_23Nov.png>)_Figure 3_\n\nOf particular interest to us is the expected origin behavior when faced with the open range request specified by the PRELOAD HINT entry. According to the [HLS spec](<https://tools.ietf.org/html/draft-pantos-hls-rfc8216bis-07>), \"When processing requests for a URL or a byte range of a URL that includes one or more Partial Segments that are not yet completely available to be sent - such as requests made in response to an EXT-X- PRELOAD-HINT tag - the server MUST refrain from transmitting any bytes belonging to a Partial Segment until all bytes of that Partial Segment can be transmitted at the full speed of the link to the client.\" This means that the origin must hold back beginning the response until all the bytes of that preload part are available. But what then? The spec continues: \"If the requested range includes more than one Partial Segment then the server MUST enforce this delivery guarantee for each Partial Segment in turn. This enables the client to perform accurate Adaptive Bit Rate (ABR) measurements.\" Since our open range request does include more than one part (in fact, it includes all the remaining parts of that segment), the origin should continue to return successive parts down the same response, bursting each part as it becomes fully available. The key point here is that that single request will in fact return all the parts remaining in that segment. Figure 4 illustrates how we can use this fact to derive a common workflow between LL-HLS and LL-DASH.\n\n[![LowLatencyBlog4_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog4_23Nov-thumb-700xauto-11565.png)](<https://blogs.akamai.com/LowLatencyBlog4_23Nov.png>)_Figure 4_\n\nThe lower half of Figure 4 represents the workflow for a client using byte range addressing. At time 0, it makes an open-ended range request against segment 1. The origin blocks the response until the entirety of part 1 is available and then it begins an aggregated response back to the client. I use the term \"aggregated\" carefully here. If this were http/1.1, it would be a chunked transfer response, however since LL-HLS mandates the use of http/2, and http/2 has framing, this is simply an aggregating http/2 response. Notice that bytes are injected into the byte-addressed response at the exact same time as they are released down the wire for the discreet-addressed parts. The two approaches are latency-equivalent. Also, importantly -- the aggregating response in the byte-addressed case is exactly what an LL-DASH client is expecting. DASH clients do not have the constraint that the part (or \"chunk\" in their context) must be burst, but this bursting does not hurt them and in fact it helps considerably with their bandwidth estimation. \n\n### Request-rate benefits\n\nLet's examine the start-up behavior of a byte-range-addressed LL-HLS client. Consider a client faced with the media playlist at start-up (post tune-in) in Figure 5.\n\n[![LowLatencyBlog5_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog5_23Nov-thumb-700xauto-11567.png)](<https://blogs.akamai.com/LowLatencyBlog5_23Nov.png>)_Figure 5_\n\nIt could simply act as a discreet-addressed client would, which is to make seven independent requests for each individual part. The last request would be an open one for the PRELOAD part. Another option, however, is that it could simply make a single request, as shown in Figure 6.\n\n[![LowLatencyBlog6_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog6_23Nov-thumb-700xauto-11569.png)](<https://blogs.akamai.com/LowLatencyBlog6_23Nov.png>)_Figure 6_\n\nThis single request would return all the parts, in the correct sequence, all at line speed and including all the future parts that will follow the PRELOAD part. This is exactly what the player needs and (for this ratio of part duration to segment duration) it can be accomplished with a seven-fold decrease in media object requests. Since one of the negatives of LL-HLS is its high request rate against an edge, this is a promising benefit. However, there's a problem in deploying this and it relates to exactly how a CDN edge will interpret that open-range request._ \n_\n\n### The problem with open-ended range requests\n\nImagine you are an edge server, and you receive a client request for range=0 against an object whose size you do not yet know. Let's imagine its actual size is 1000B and you have the first 100B received at the edge. Do you:\n\n 1. Wait until you have received an EOF signal and return a 200 response code with content-length 1000? \n_or_ \n\n 2. Immediately return the 100B you do have in an open-ended 206 response and close the response once the 1000th byte is delivered?\n\nBehavior 1 is actually how most CDNs would behave today, yet 2 is the behavior that we need for our low latency streaming to work. Since both are valid use-cases, how can an edge server tell what behavior to enact? Luckily, there is an RFC to the rescue! [RFC8673](<https://tools.ietf.org/html/rfc8673>) says that the client should never make an open-ended range request if it is expecting an aggregated response from a fixed offset. It should instead send a request with a very large number as the last-byte-pos in the range request. 9007199254740991 has been proposed as a candidate (this equals Number.MAX_SAFE_INTEGER for 64 bit systems). This would signal the proxy-server (or origin) to begin a 206 response that starts at the requested offset and aggregates over time until the object is completely transferred. Note that this convention is only required when the start-byte-pos of the range request is non-zero. If the range being requested starts at zero, then a standard (non-range) GET request can be used, as the origin will naturally provide the aggregating response. \n\nWith this RFC in mind, let's examine the start-up behavior again. There are three scenarios we should consider. The first is for a player tuning-in to the playlist shown below in Figure 7:\n\n[![LowLatencyBlog7_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog7_23Nov-thumb-700xauto-11571.png)](<https://blogs.akamai.com/LowLatencyBlog7_23Nov.png>)_Figure 7_\n\nIn order to commence playback, it would walk back from the live edge and find the latest independent part (highlighted in yellow). It would then make the following request:\n\nGET / v1_1-7728.m4s HTTP/2\n\nNotice that the RFC8673 convention is not needed here since the starting offset is zero. The server would respond with:\n\nHTTP/2 200\n\nThe origin would respond by bursting the bytes it has (up to 375122) and then releasing the remainder as each part boundary becomes available. This would give the player the independent part it needs to start, plus all the segments up to and including the HINTed part. The response would not include a content-length header, as the size is not known. If this were an HTTP1.1 connection, it would be signalled as a Chunked Transfer Encoding response, but since LL-HLS mandates H2 connections to the client, this is simply seen by the client as an aggregating response. \n\nThe second start-up case concerns an independent part at a non-zero offset into the segment. The media playlist might look like Figure 8:\n\n[![LowLatencyBlog8_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog8_23Nov-thumb-700xauto-11573.png)](<https://blogs.akamai.com/LowLatencyBlog8_23Nov.png>)_Figure 8_\n\nThis media segment has two independent parts and we wish to start with the latest one to minimize our latency. The client would first ask for\n\nGET / v1_1-7728.m4s HTTP/2\n\nRange: bytes=245668-9007199254740991\n\nNote that the request has a first-byte position of 245668 instead of zero, which requires the use of the RFC8673 convention. The server would respond with\n\nHTTP/2 206 Partial Content\n\nContent-Range: bytes 245668-9007199254740991/*\n\nThe origin responds by acknowledging the convention established by RFC8673 in the content-range header, along with signalling the content length as * since it is not yet known. It would then burst the bytes from 245668 to 375123 and release the remainder as each part boundary became available. \n\nThe third and last start-up case is the edge condition in which the PRELOAD hint represents the start of a new segment.\n\n[![LowLatencyBlog9_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog9_23Nov-thumb-700xauto-11575.png)](<https://blogs.akamai.com/LowLatencyBlog9_23Nov.png>)_Figure 9_\n\nNotice in Figure 9 that the HINT belongs to segment 7729 (purple highlight) while the prior segment 7728 holds the independent part we need to start with. To start up, the player needs to make two requests. The first would be:\n\nGET / v1_1-7728.m4s HTTP/2\n\nRange: bytes=245668-498933\n\nSince segment 7728 is completely available, the player knows the content-length of the segment so it does not need to use the RFC8673 very-big-number convention. It simply asks for the byte range from the start of the last independent part to the end of the segment. The server would respond with\n\nHTTP/2 206 Partial Content\n\nContent-Length: 253265\n\nContent-Range: bytes 245668-498933/498934\n\nThis is a conventional 206 response. Since the content-length is known, the Content-Length response header is added. All the data would be burst as one contiguous block as the segment is fully available at the origin. The client would then need to make a second request to continue playback:\n\nGET / v1_1-7729.m4s HTTP/2\n\nThe server would respond with:\n\nHTTP/2 200\n\nThe server bursts all the parts of segment 7729 as they become available in an aggregating response and the player is off to steady-state playback.\n\n### Steady state\n\nSpeaking of steady state, what does that look like? If we were to examine all the requests crossing the wire after the player has started, they would look like this:\n\nGET / v1_1-7729.m4s HTTP/2\n\nRange: bytes=567843-9007199254740991\n\nGET / v1_1-7730.m4s HTTP/2\n\nGET / v1_1-7731.m4s HTTP/2\n\nGET / v1_1-7732.m4s HTTP/2\n\n...\n\nAside from the very first request, which uses the RFC8673 convention due to the non-zero starting offset, these are all standard GET requests without range headers. Surprisingly, we can make the general observation that an LL-HLS client using byte range addressing need only make one request per segment duration for each media type. This is nice performance gain for LL-HLS, which otherwise is quite a verbose format. Note that the client must still refresh its media playlists at the respective part duration interval, as those provide it with information on the changing state of the stream. The reduction in overall request rate is dependent on the ratio of part duration to segment duration. Table 1 shows the number of requests made per segment duration of wall clock interval for an LL-HLS client using either discrete or range-based part addressing.\n\n[![LowLatencyBlog10_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog10_23Nov-thumb-700x315-11577.png)](<https://blogs.akamai.com/LowLatencyBlog10_23Nov.png>)_Table 1_\n\nFor the case of 4s segments and 1s parts, we see a 37.5% reduction in the overall number of requests every 4s. If the parts are reduced to 0.5s in duration, then that reduction rises to 43%. That is a material gain that is important for CDN scalability and overall system cost. For a million connected clients, having 430,000 fewer requests every 4s is a material difference. Each request against a CDN has a cost -- in connections, compute, and power. For maximum distribution efficiency, we want to minimize our requests while maximizing the end user's quality of experience.\n\n### Segment structure\n\nEarly versions of the LL-HLS origins produced parts that were all independent (i.e., each one contained a keyframe) and then had contiguous segments with a single keyframe, as represented in Figure 10.\n\n[![LowLatencyBlog11_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog11_23Nov-thumb-700x159-11579.png)](<https://blogs.akamai.com/LowLatencyBlog11_23Nov.png>)_Figure 10_\n\nThe reason for this is encoding efficiency -- there is a small gain in encoding efficiency by moving to the longer GOP. However this arrangement breaks the portability of having a single object be stored in cache from which we can serve both parts and segments. In order to achieve a unified cache, our segment must be a direct concatenation of our parts, as represented in Figure 11.\n\n[![LowLatencyBlog12_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog12_23Nov-thumb-700x92-11581.png)](<https://blogs.akamai.com/LowLatencyBlog12_23Nov.png>)_Figure 11_\n\nThe benefits to be gained by halving the cache footprint far outweigh the small encoding efficiency gains to be had by having two bit-different objects.\n\n### Estimating throughput\n\nAll HTTP adaptive streaming clients must use the download of the media segments in order to estimate the available throughput and thereby allow their ABR algorithm to switch-up. \n\n[![LowLatencyBlog13_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog13_23Nov-thumb-700x183-11583.png)](<https://blogs.akamai.com/LowLatencyBlog13_23Nov.png>)\n\n_Figure 12_\n\nWith discreet part delivery, this is done by measuring the bits received and dividing by the time taken to receive them, as illustrated in Figure 12. Since the objects are fully available at the server, the rate at which they are delivered is limited by the line speed and hence can be used to estimate how much throughput overhead is available. If the same logic is followed for an aggregating range-addressing response, it will provide an incorrect response. The bit numerator will be correct, but the denominator will include the time the origin was blocking delivery, as in Figure 13.\n\n[![LowLatencyBlog14_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog14_23Nov-thumb-700xauto-11585.png)](<https://blogs.akamai.com/LowLatencyBlog14_23Nov.png>)_Figure 13_\n\nThe player will keep dividing the total bits of the media segment by the delivery time, which is essentially the media playback time of the segment. This result will always return that the estimated throughput is equal to the encoded bitrate of the object -- a useless result that will be both inaccurate and prevent the player from ever switching up to a higher bitrate tier. \n\nWhat the player must do instead is only estimate throughout when the bits-across-the-wire are increasing, as shown in Figure 14.\n\n[![LowLatencyBlog15_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog15_23Nov-thumb-700xauto-11587.png)](<https://blogs.akamai.com/LowLatencyBlog15_23Nov.png>)_Figure 14_ \n\n\nHow can the player do this? Well, conveniently, the media playlist described the part boundaries as ranges and the origin and edge server are required to always burst parts. So if the player monitors its receive buffer it can mark the wall-clock time at which the part boundaries are received and hence calculate the throughput over the correct portion of the aggregation window. \n\n### Enough theory -- Does this work in the real world?\n\nTo validate the concepts described in this blog across the real internet, I collaborated with [Ateme](<https://www.ateme.com/>), a France-based provider of encoder and origin servers. Ateme mounted an encoder and LL-HLS origin in a AWS instance in the state of Virginia in the United States. I then placed the Akamai CDN on top of this and used it to stream to a client located in San Francisco, California, as shown in Figure 15.\n\n[![LowLatencyBlog16_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog16_23Nov-thumb-700xauto-11589.png)](<https://blogs.akamai.com/LowLatencyBlog16_23Nov.png>)_Figure 15_\n\nThe player was a test harness that I wrote in Javascript, so that it could be run in a web browser. A browser-based player is a very convenient endpoint from which to validate requests, timing, and CDN performance. Figure 16 is a screenshot of the livestream in action.\n\n[![LowLatencyBlog17_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog17_23Nov-thumb-700xauto-11591.png)](<https://blogs.akamai.com/LowLatencyBlog17_23Nov.png>)_Figure 16_ \n\n\nThis stream contains 4s segments with 0.5s parts. It is operating at its target end-to-end latency of 1.5ss. In the chart on the right the green dots show the completion of each media segment request. These all take just under 4s, which is what we would expect. The orange dots represent the media playlist updates, which are occurring every 500ms. By examining the video object requests in Figure 17,\n\n[![LowLatencyBlog18_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog18_23Nov-thumb-700xauto-11593.png)](<https://blogs.akamai.com/LowLatencyBlog18_23Nov.png>)_Figure 17_\n\nwe can see that the requests are only made against the segments and that each receives a 200 response from the edge server and takes just under 4s to complete. It is a curious fact that even though we are using range-based addressing with LL-HLS, under steady playback the client does not need to make any range-based requests! If an initial request had been made at a non-zero offset, it would have used the RFC8673 convention and this would show as a 206 response preceded by a CORS preflight OPTIONS request to verify that the range header is allowed. This preflight request is an artifact of testing from a web browser and would not be present if testing from a native app. The media playlist updates in comparison (in Figure 18) are returned much faster than the media segments, at roughly 500ms intervals. Notice each one asks for a successively newer version of the playlist using the reserved _HLS_msn and -HLS_part query args. \n\n[![LowLatencyBlog19_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog19_23Nov-thumb-700xauto-11595.png)](<https://blogs.akamai.com/LowLatencyBlog19_23Nov.png>)_Figure 18_\n\n__Figure 19 shows a detail of one of the media segment requests. Note that there is no content-range response header since the client is asking for the full segment and there is no content-length response header since this is an aggregating H2 response against an object of unknown size._ \n_\n\n[![LowLatencyBlog20_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog20_23Nov-thumb-700xauto-11597.png)](<https://blogs.akamai.com/LowLatencyBlog20_23Nov.png>)_Figure 19_\n\nFigure 20 shows our three target players all playing together from the same origin and edge server. On the lower left is the LL-HLS player in byte-range addressing mode. Upper left is the LL-DASH player. On the right is a standard latency HLS player, represented by HLS.js.\n\n[![LowLatencyBlog21_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog21_23Nov-thumb-700x348-11599.png)](<https://blogs.akamai.com/LowLatencyBlog21_23Nov.png>)_Figure 20_\n\nThis standard latency player is playing the exact same stream as the LL-HLS player, but is 12s behind, since it ignores the parts and instead builds three of the 4s segments in its source buffer before starting. Figure 21 is basically validation of the whole approach espoused by this document. It shows the network panels of the three players arranged adjacent to one another. You'll notice that each player is pulling the same media segment from the edge; 1-401326000.m4s,- for example.\n\n[![LowLatencyBlog22_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog22_23Nov-thumb-700xauto-11601.png)](<https://blogs.akamai.com/LowLatencyBlog22_23Nov.png>)_Figure 21_\n\nThe panel in the center belongs to the legacy latency player and it is always a full segment behind the other two players, which are both low latency and pull the object while it is still being produced. If we examine the first player to request a given segment from the CDN edge, we notice that it receives a TCP_MISS response (Figure 22). This indicates that the content was not available at the edge and that the edge had to make a forward request to the origin to retrieve it. This is normal behavior as at least one request must always go to the origin to retrieve the content.\n\n[![LowLatencyBlog23_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog23_23Nov-thumb-700x47-11603.png)](<https://blogs.akamai.com/LowLatencyBlog23_23Nov.png>)_Figure 22_\n\nWhat is important is that the second and subsequent requests for the same object received a TCP_HIT response (Figure 23). This indicates that the object is in fact being cached at, and served from, the edge. Success!\n\n[![LowLatencyBlog24_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog24_23Nov-thumb-700x42-11605.png)](<https://blogs.akamai.com/LowLatencyBlog24_23Nov.png>)_Figure 23_\n\n### Conclusion\n\nThe advent of range-based addressing for LL-HLS opens up a number of benefits for distributors of livestreams:\n\n * Increased cache efficiency at origin and CDN distribution tiers, which increases performance and lowers operating costs\n * Decreased request rate from clients. We showed reductions of 30% to 40% for typical encoding configurations, which allows increased CDN-supported scale, lowers operating costs, and reduces the incidence between request errors.\n * An LL-HLS client under steady-state playback does not need to make any range-requests against the origin even when range-based addressing is used in the playlist.This removes the CORS preflight requirements for browser-based clients, improving the latency with which playlists and segments can be returned.\n * Interoperability among four types of clients: low latency HLS clients, standard latency HLS clients (also equivalent to LL-HLS clients scrubbing back from live), low latency DASH clients, and standard latency DASH clients\n * If a CDN is present in the distribution chain, then it requires support for RFC8673 at the origin, CDN, and client layers to work effectively. If the clients are talking directly to the origin, then the origin can be expected to behave appropriately and no RFC8673 convention would be required.\n\nWe are pleased to announce the Akamai is now supporting RFC8673 in production as of October 30, 2020, via our Adaptive Media Delivery (AMD) product. It needs to be activated through metadata so please contact your account representative if you are interested in testing.\n\nWe look forward to the advent of interoperable low latency streaming at scale. If you have any questions, please don't hesitate to get in touch with me directly.\n\n![](http://feeds.feedburner.com/~r/TheAkamaiBlog/~4/Kr3PGujTIK8)", "published": "2020-11-23T14:00:00", "modified": "2020-11-23T15:59:53", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://feedproxy.google.com/~r/TheAkamaiBlog/~3/Kr3PGujTIK8/using-ll-hls-with-byte-range-addressing-to-achieve-interoperability-in-low-latency-streaming.html", "reporter": "Will Law", "references": [], "cvelist": [], "lastseen": "2020-11-23T16:20:32", "history": [{"bulletin": {"id": "AKAMAIBLOG:0D53025012545B375375D5D53F442C25", "hash": "0a42e48ccc5e29bf79944a711db67ae2", "type": "akamaiblog", "bulletinFamily": "blog", "title": "Using LL-HLS with byte-range addressing to achieve interoperability in low latency streaming", "description": "### Introduction\n\nHTTP Adaptive Segmented (HAS) streaming began to be used at scale from 2008 to 2012, with the advent of Move Networks, Microsoft Smooth Streaming, Apple HLS, Adobe HDS, and MPEG DASH. With the typical 10s segment durations of the day, livestream latencies (measuring latency as the time from an action being filmed to that same action being displayed on a device's screen) remained in the 30s to 60s range, trailing broadcast by a significant degree. Over the next decade, segment durations were reduced down to 2s, bringing with them a concomitant reduction in latency to the 8s to 16s range. That range remains the typical latency for many live events today. The year 2020 then brought the industry a pleasant surprise -- not one, but two HAS standards were released that target latency in the 2s range: Low Latency DASH (LL-DASH) and Low Latency HLS (LL-HLS). Both these standards were developed independently, and while they can be deployed as separate streams in a content delivery system, there are performance and cost gains to be had for packagers, origins, CDNs, and players if both streaming formats can be served by a single-set of media objects.\n\nThe HLS [specification](<https://tools.ietf.org/html/draft-pantos-hls-rfc8216bis-07>) was updated to describe version 10 of the streaming protocol. Among the many improvements, LL-HLS introduces the notion of partial segments (\"parts\"). Each part can be addressed discreetly via a unique URL, or optionally as a referenced byte-range into a media segment. The vast majority of early implementations have focused on the discreet part-addressing mode. However, range-based addressing brings with it several performance advantages, along with a path to interoperability with LL-DASH solutions and increased CDN efficiency. It also harbors some curious requirements for implementation across general purpose proxy caches. \n\nThis article will investigate the problems we can solve with range-based addressing, the requirements it brings to operate effectively, and the benefits we can gain by deploying it at scale. \n\n### Cache efficiency\n\nLet's start by examining cache efficiency at the edge when faced with a mixture of low latency and standard latency HLS and DASH clients, all playing the same content. Caching is the means by which CDNs scale up HTTP-adaptive streams. The more content can be cached, the better the performance and the lower the costs. If we imagine an LL-HLS stream with 4s segments and 1s parts, Figure 1 shows all the objects that will need to be cached at the edge within a 4s window. There are many of them! Some are larger than others and we can highlight this difference by scaling them graphically such that the area is proportional to the size. Figure 1 shows that the video segments take up the largest amount of space. \n\n[![LowLatencyBlog1_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog1_23Nov-thumb-700xauto-11559.png)](<https://blogs.akamai.com/LowLatencyBlog1_23Nov.png>)_Figure 1_\n\nNotice there is duplication in content between the parts (purple), which are consumed by a low latency client playing at the live edge, and the contiguous media segments (green), which are consumed by standard latency clients, or low latency clients scrubbing behind the live edge. If we were to add in the DASH footprint, we would see in Figure 2 that we have three silos of files, all holding the same media content, yet competing with one another for cache space. \n\n\n[![LowLatencyBlog2_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog2_23Nov-thumb-700xauto-11561.png)](<https://blogs.akamai.com/LowLatencyBlog2_23Nov.png>)_Figure 2_ \n\n\nOur goal is to reduce these down to a single silo. This will lower origin storage by a factor of 3 and also triple the cache efficiency for the CDN. This can be achieved through the use of byte-range addressing.\n\n### Byte-range addressing\n\nWithin an LL-HLS media playlist, a part is described discreetly using a unique URL for every part. For example\n\n#EXT-X-PART:DURATION=0.500,URI=\"segment1000-6.m4s\" \n\n\nThis same part can alternatively be described using the BYTERANGE syntax \n\n\n#EXT-X-PART:DURATION=0.500,URI=\"segment1000.m4s\",BYTERANGE=251022@2079557 \n\n\nwhich specifies the length and offset at which a part is located within a media segment. For PRELOAD HINT parts, for which the last-byte-position is not yet known, only the start of the byte range is signalled: \n\n\n#EXT-X-PRELOAD-HINT:TYPE=PART,URI=\"segment1000.m4s\",BYTERANGE-START=2005479 \n\n\nFigure 3 shows a discreet part playlist on the left, and it's byte-range-addressed equivalent on the right: \n\n\n[![LowLatencyBlog3_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog3_23Nov-thumb-700xauto-11563.png)](<https://blogs.akamai.com/LowLatencyBlog3_23Nov.png>)_Figure 3_\n\nOf particular interest to us is the expected origin behavior when faced with the open range request specified by the PRELOAD HINT entry. According to the [HLS spec](<https://tools.ietf.org/html/draft-pantos-hls-rfc8216bis-07>), \"When processing requests for a URL or a byte range of a URL that includes one or more Partial Segments that are not yet completely available to be sent - such as requests made in response to an EXT-X- PRELOAD-HINT tag - the server MUST refrain from transmitting any bytes belonging to a Partial Segment until all bytes of that Partial Segment can be transmitted at the full speed of the link to the client.\" This means that the origin must hold back beginning the response until all the bytes of that preload part are available. But what then? The spec continues: \"If the requested range includes more than one Partial Segment then the server MUST enforce this delivery guarantee for each Partial Segment in turn. This enables the client to perform accurate Adaptive Bit Rate (ABR) measurements.\" Since our open range request does include more than one part (in fact, it includes all the remaining parts of that segment), the origin should continue to return successive parts down the same response, bursting each part as it becomes fully available. The key point here is that that single request will in fact return all the parts remaining in that segment. Figure 4 illustrates how we can use this fact to derive a common workflow between LL-HLS and LL-DASH.\n\n[![LowLatencyBlog4_23Nov.png](https://blogs.akamai.com/assets_c/2020/11/LowLatencyBlog4_23Nov-thumb-700xauto-11565.png)](<https://blogs.akamai.com/LowLatencyBlog4_23Nov.png>)_Figure 4_\n\nThe lower half of Figure 4 represents the workflow for a client using byte range addressing. At time 0, it makes an open-ended range request against segment 1. The origin blocks the response until the entirety of part 1 is available and then it begins an aggregated response back to the client. I use the term \"aggregated\" carefully here. If this were http/1.1, it would be a chunked transfer response, however since LL-HLS mandates the use of http/2, and http/2 has framing, this is simply an aggregating http/2 response. Notice that bytes are injected into the byte-addressed response at the exact same time as they are released down the wire for the discreet-addressed parts. The two approaches are latency-equivalent. Also, importantly -- the aggregating response in the byte-addressed case is exactly what an LL-DASH client is expecting. DASH clients do not have the constraint that the part (or \"chunk\" in their context) must be burst, but this bursting does not hurt them and in fact it helps considerably with their bandwidth estimation. \n\n### Request-rate benefits\n\nLet's examine the start-up behavior of a byte-range-addressed LL-HLS client. Consider a client faced with the media playlist at start-up (post tune-in) in Figure 5.\n\n![](http://feeds.feedburner.com/~r/TheAkamaiBlog/~4/Kr3PGujTIK8)", "published": "2020-11-23T14:00:00", "modified": "2020-11-23T14:04:05", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://feedproxy.google.com/~r/TheAkamaiBlog/~3/Kr3PGujTIK8/using-ll-hls-with-byte-range-addressing-to-achieve-interoperability-in-low-latency-streaming.html", "reporter": "Will Law", "references": [], "cvelist": [], "lastseen": "2020-11-23T14:20:32", "history": [], "viewCount": 4, "enchantments": {"dependencies": {"references": [], "modified": "2020-11-23T14:20:32", "rev": 2}, "score": {"value": -0.1, "vector": "NONE", "modified": "2020-11-23T14:20:32", "rev": 2}}, "objectVersion": "1.4"}, "lastseen": "2020-11-23T14:20:32", "differentElements": ["description", "modified"], "edition": 1}], "viewCount": 106, "enchantments": {"dependencies": {"references": [], "modified": "2020-11-23T16:20:32", "rev": 2}, "score": {"value": -0.3, "vector": "NONE", "modified": "2020-11-23T16:20:32", "rev": 2}}, "objectVersion": "1.5", "_object_type": "robots.models.rss.RssBulletin", "_object_types": ["robots.models.rss.RssBulletin", "robots.models.base.Bulletin"], "immutableFields": []}], "cve": [{"id": "CVE-2020-11605", "bulletinFamily": "NVD", "title": "CVE-2020-11605", "description": "An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is sensitive information exposure from dumpstate in NFC logs. The Samsung ID is SVE-2019-16359 (April 2020).", "published": "2020-04-08T16:15:00", "modified": "2021-07-21T11:39:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11605", "reporter": "cve@mitre.org", "references": ["https://security.samsungmobile.com/securityUpdate.smsb"], "cvelist": ["CVE-2020-11605"], "type": "cve", "lastseen": "2021-08-04T16:55:00", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "9.0"}, {"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "8.1"}, {"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "10.0"}, {"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "8.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:google:android:9.0", "cpe:/o:google:android:8.0", "cpe:/o:google:android:8.1", "cpe:/o:google:android:10.0"], "cpe23": ["cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-11605"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-200"], "description": "An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is sensitive information exposure from dumpstate in NFC logs. The Samsung ID is SVE-2019-16359 (April 2020).", "edition": 5, "enchantments": {"dependencies": {"modified": "2021-02-02T07:36:56", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T07:36:56", "rev": 2, "value": 2.0, "vector": "NONE"}}, "extraReferences": [{"name": "https://security.samsungmobile.com/securityUpdate.smsb", "refsource": "CONFIRM", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/securityUpdate.smsb"}], "hash": "6e0ac5067aa92fdc9bec0bd040f039ab446e35c1169501ce204852aa67fba2f3", "hashmap": [{"hash": "e79e0258f1a5474c4df01a220aa11d46", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "e42d4cea000797eaab7c406343d25d2a", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "413c52089e044b702451534dc0b3a598", "key": "published"}, {"hash": "6006391793f66d5257a13136de65962f", "key": "extraReferences"}, {"hash": "0099fffe0ef5f219d622df7078e6df4c", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "a50ccad5938e9cbfc1abbf241c61463e", "key": "affectedSoftware"}, {"hash": "01101535fb80bd7a21cdf835ed9ad7b2", "key": "title"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "3f27bbab067ac57a05b7a2600a7855f4", "key": "references"}, {"hash": "aab8af0becc5f826fd5ef560b5162f49", "key": "cvelist"}, {"hash": "6ef435caa69ca2daf0377081c6b05052", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "b647a850fd42b235dd11ee60cf626f2d", "key": "cwe"}, {"hash": "0891fdc1c77287090287b62c45714c95", "key": "cpeConfiguration"}, {"hash": "b9ebbb0b42cc66267bbf4d15374c1be1", "key": "cpe23"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11605", "id": "CVE-2020-11605", "immutableFields": [], "lastseen": "2021-02-02T07:36:56", "modified": "2020-04-09T19:34:00", "objectVersion": "1.5", "published": "2020-04-08T16:15:00", "references": ["https://security.samsungmobile.com/securityUpdate.smsb"], "reporter": "cve@mitre.org", "title": "CVE-2020-11605", "type": "cve", "viewCount": 7}, "different_elements": ["cpeConfiguration"], "edition": 5, "lastseen": "2021-02-02T07:36:56"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "9.0"}, {"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "8.1"}, {"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "10.0"}, {"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "8.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:google:android:9.0", "cpe:/o:google:android:8.0", "cpe:/o:google:android:8.1", "cpe:/o:google:android:10.0"], "cpe23": ["cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2020-11605"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-200"], "description": "An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is sensitive information exposure from dumpstate in NFC logs. The Samsung ID is SVE-2019-16359 (April 2020).", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-09-21T13:58:28", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:58:28", "rev": 2, "value": 2.0, "vector": "NONE"}}, "hash": "3dffbbcbacd2c7e130682f6c6bf67f5565e4fbe3084f502eab15b6abc1d604ad", "hashmap": [{"hash": "e79e0258f1a5474c4df01a220aa11d46", "key": "modified"}, {"hash": "e42d4cea000797eaab7c406343d25d2a", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "413c52089e044b702451534dc0b3a598", "key": "published"}, {"hash": "0099fffe0ef5f219d622df7078e6df4c", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "a50ccad5938e9cbfc1abbf241c61463e", "key": "affectedSoftware"}, {"hash": "01101535fb80bd7a21cdf835ed9ad7b2", "key": "title"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "3f27bbab067ac57a05b7a2600a7855f4", "key": "references"}, {"hash": "aab8af0becc5f826fd5ef560b5162f49", "key": "cvelist"}, {"hash": "6ef435caa69ca2daf0377081c6b05052", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "b647a850fd42b235dd11ee60cf626f2d", "key": "cwe"}, {"hash": "b9ebbb0b42cc66267bbf4d15374c1be1", "key": "cpe23"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11605", "id": "CVE-2020-11605", "lastseen": "2020-09-21T13:58:28", "modified": "2020-04-09T19:34:00", "objectVersion": "1.3", "published": "2020-04-08T16:15:00", "references": ["https://security.samsungmobile.com/securityUpdate.smsb"], "reporter": "cve@mitre.org", "title": "CVE-2020-11605", "type": "cve", "viewCount": 5}, "differentElements": ["cpeConfiguration"], "edition": 3, "lastseen": "2020-09-21T13:58:28"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "9.0"}, {"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "8.1"}, {"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "10.0"}, {"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "8.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:google:android:9.0", "cpe:/o:google:android:8.0", "cpe:/o:google:android:8.1", "cpe:/o:google:android:10.0"], "cpe23": ["cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-11605"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-200"], "description": "An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is sensitive information exposure from dumpstate in NFC logs. The Samsung ID is SVE-2019-16359 (April 2020).", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-10-03T12:55:48", "references": [], "rev": 2}, "score": {"modified": "2020-10-03T12:55:48", "rev": 2, "value": 2.0, "vector": "NONE"}}, "extraReferences": [], "hash": "68b1cd483a9cc6fbdac62a0a3090d100414a6edb829941d039aa94e7c837b23d", "hashmap": [{"hash": "e79e0258f1a5474c4df01a220aa11d46", "key": "modified"}, {"hash": "e42d4cea000797eaab7c406343d25d2a", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "413c52089e044b702451534dc0b3a598", "key": "published"}, {"hash": "0099fffe0ef5f219d622df7078e6df4c", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "a50ccad5938e9cbfc1abbf241c61463e", "key": "affectedSoftware"}, {"hash": "01101535fb80bd7a21cdf835ed9ad7b2", "key": "title"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "3f27bbab067ac57a05b7a2600a7855f4", "key": "references"}, {"hash": "aab8af0becc5f826fd5ef560b5162f49", "key": "cvelist"}, {"hash": "6ef435caa69ca2daf0377081c6b05052", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "b647a850fd42b235dd11ee60cf626f2d", "key": "cwe"}, {"hash": "0891fdc1c77287090287b62c45714c95", "key": "cpeConfiguration"}, {"hash": "b9ebbb0b42cc66267bbf4d15374c1be1", "key": "cpe23"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11605", "id": "CVE-2020-11605", "lastseen": "2020-10-03T12:55:48", "modified": "2020-04-09T19:34:00", "objectVersion": "1.3", "published": "2020-04-08T16:15:00", "references": ["https://security.samsungmobile.com/securityUpdate.smsb"], "reporter": "cve@mitre.org", "title": "CVE-2020-11605", "type": "cve", "viewCount": 6}, "differentElements": ["extraReferences"], "edition": 4, "lastseen": "2020-10-03T12:55:48"}, {"bulletin": {"affectedSoftware": [{"name": "google android", "operator": "eq", "version": "8.1"}, {"name": "google android", "operator": "eq", "version": "10.0"}, {"name": "google android", "operator": "eq", "version": "8.0"}, {"name": "google android", "operator": "eq", "version": "9.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:google:android:8.1", "cpe:/o:google:android:9.0", "cpe:/a:google:android:9.0", "cpe:/a:google:android:8.0", "cpe:/o:google:android:8.0", "cpe:/o:google:android:8.1", "cpe:/a:google:android:10.0", "cpe:/o:google:android:10.0"], "cpe23": ["cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"], "cvelist": ["CVE-2020-11605"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-200"], "description": "An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is sensitive information exposure from dumpstate in NFC logs. The Samsung ID is SVE-2019-16359 (April 2020).", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-04-10T11:20:20", "references": [], "rev": 2}, "score": {"modified": "2020-04-10T11:20:20", "rev": 2, "value": 2.0, "vector": "NONE"}}, "hash": "66e18dc865fc3317d2a3817d421c28b107b6b2e33e0aed667cff75b629caf9f2", "hashmap": [{"hash": "e79e0258f1a5474c4df01a220aa11d46", "key": "modified"}, {"hash": "e42d4cea000797eaab7c406343d25d2a", "key": "description"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "413c52089e044b702451534dc0b3a598", "key": "published"}, {"hash": "068d957c06206f62469d061b76e6a6b7", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "01101535fb80bd7a21cdf835ed9ad7b2", "key": "title"}, {"hash": "e34a88b7d943882764b984e6a066bcf0", "key": "affectedSoftware"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "3f27bbab067ac57a05b7a2600a7855f4", "key": "references"}, {"hash": "aab8af0becc5f826fd5ef560b5162f49", "key": "cvelist"}, {"hash": "6ef435caa69ca2daf0377081c6b05052", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "b647a850fd42b235dd11ee60cf626f2d", "key": "cwe"}, {"hash": "b9ebbb0b42cc66267bbf4d15374c1be1", "key": "cpe23"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11605", "id": "CVE-2020-11605", "lastseen": "2020-04-10T11:20:20", "modified": "2020-04-09T19:34:00", "objectVersion": "1.3", "published": "2020-04-08T16:15:00", "references": ["https://security.samsungmobile.com/securityUpdate.smsb"], "reporter": "cve@mitre.org", "title": "CVE-2020-11605", "type": "cve", "viewCount": 5}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 2, "lastseen": "2020-04-10T11:20:20"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "9.0"}, {"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "8.1"}, {"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "10.0"}, {"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "8.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:google:android:9.0", "cpe:/o:google:android:8.0", "cpe:/o:google:android:8.1", "cpe:/o:google:android:10.0"], "cpe23": ["cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-11605"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-200"], "description": "An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is sensitive information exposure from dumpstate in NFC logs. The Samsung ID is SVE-2019-16359 (April 2020).", "edition": 7, "enchantments": {"dependencies": {"modified": "2021-07-22T08:54:20", "references": [], "rev": 2}, "score": {"modified": "2021-07-22T08:54:20", "rev": 2, "value": 2.0, "vector": "NONE"}}, "extraReferences": [{"name": "https://security.samsungmobile.com/securityUpdate.smsb", "refsource": "CONFIRM", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/securityUpdate.smsb"}], "hash": "42135c4923aa286d4d82991cf45f0b39649953de481191c9ac3c7af62068e542", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "e42d4cea000797eaab7c406343d25d2a", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "ccedfcabf2165133899fc4457532f768", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "413c52089e044b702451534dc0b3a598", "key": "published"}, {"hash": "6006391793f66d5257a13136de65962f", "key": "extraReferences"}, {"hash": "0099fffe0ef5f219d622df7078e6df4c", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "a50ccad5938e9cbfc1abbf241c61463e", "key": "affectedSoftware"}, {"hash": "01101535fb80bd7a21cdf835ed9ad7b2", "key": "title"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "3f27bbab067ac57a05b7a2600a7855f4", "key": "references"}, {"hash": "aab8af0becc5f826fd5ef560b5162f49", "key": "cvelist"}, {"hash": "6ef435caa69ca2daf0377081c6b05052", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "b647a850fd42b235dd11ee60cf626f2d", "key": "cwe"}, {"hash": "b9ebbb0b42cc66267bbf4d15374c1be1", "key": "cpe23"}, {"hash": "183798fce373747341ba2f32f8021ac7", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11605", "id": "CVE-2020-11605", "immutableFields": [], "lastseen": "2021-07-22T08:54:20", "modified": "2021-07-21T11:39:00", "objectVersion": "1.5", "published": "2020-04-08T16:15:00", "references": ["https://security.samsungmobile.com/securityUpdate.smsb"], "reporter": "cve@mitre.org", "title": "CVE-2020-11605", "type": "cve", "viewCount": 9}, "different_elements": ["cwe"], "edition": 7, "lastseen": "2021-07-22T08:54:20"}], "edition": 8, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a50ccad5938e9cbfc1abbf241c61463e"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "0099fffe0ef5f219d622df7078e6df4c"}, {"key": "cpe23", "hash": "b9ebbb0b42cc66267bbf4d15374c1be1"}, {"key": "cpeConfiguration", "hash": "ccedfcabf2165133899fc4457532f768"}, {"key": "cvelist", "hash": "aab8af0becc5f826fd5ef560b5162f49"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "9bc143c7676b7e5a3fd9537d7507310b"}, {"key": "cvss3", "hash": "cd391b15e7a01ae2bbfcca256d89bfb8"}, {"key": "cwe", "hash": "0508d123a3a31743407492a215b2e00e"}, {"key": "description", "hash": "e42d4cea000797eaab7c406343d25d2a"}, {"key": "extraReferences", "hash": "6006391793f66d5257a13136de65962f"}, {"key": "href", "hash": "6ef435caa69ca2daf0377081c6b05052"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "183798fce373747341ba2f32f8021ac7"}, {"key": "published", "hash": "413c52089e044b702451534dc0b3a598"}, {"key": "references", "hash": "3f27bbab067ac57a05b7a2600a7855f4"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "01101535fb80bd7a21cdf835ed9ad7b2"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "9707dd2af6df718bb9163e13342577cbb027db578678b9855499810bf0920897", "viewCount": 11, "enchantments": {"dependencies": {"references": [], "modified": "2021-08-04T16:55:00", "rev": 2}, "score": {"value": 2.0, "vector": "NONE", "modified": "2021-08-04T16:55:00", "rev": 2}}, "objectVersion": "1.6", "cpe": ["cpe:/o:google:android:9.0", "cpe:/o:google:android:8.0", "cpe:/o:google:android:8.1", "cpe:/o:google:android:10.0"], "affectedSoftware": [{"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "9.0"}, {"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "8.1"}, {"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "10.0"}, {"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "8.0"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": ["cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"], "cwe": ["CWE-532"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://security.samsungmobile.com/securityUpdate.smsb", "refsource": "CONFIRM", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/securityUpdate.smsb"}], "immutableFields": []}, {"bulletinFamily": "NVD", "hash": "6a0ace8cdb63863b470e6561269f441d83851201520bc6a55e7930a925c15e3a", "id": "CVE-2014-2595", "lastseen": "2021-04-22T23:44:08", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "cvelist": ["CVE-2014-2595"], "viewCount": 71, "modified": "2020-02-20T15:55:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "edition": 8, "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "history": [{"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-13T14:29:47", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-13T14:29:47", "value": 6.9, "vector": "NONE"}}, "hash": "0d148bb322c927927cf5c8adaba4daf0d811bf2bee4917f93ca62ca2f942333e", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "23075837e6c728c8f0077b2ae5d5ee7f", "key": "modified"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-13T14:29:47", "modified": "2020-02-12T13:07:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["cpe23", "cvss", "cvss2", "modified", "cpe", "cwe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-13T14:29:47"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-02-12T14:27:29", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-12T14:27:29", "value": 6.9, "vector": "NONE"}}, "hash": "6ccf8f84237981876cda9914b348e4e11c8972875cdf630f59422732f1ea69ba", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-12T14:27:29", "modified": "2020-02-12T01:15:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["modified"], "edition": 2, "lastseen": "2020-02-12T14:27:29"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-10-03T12:01:15", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-10-03T12:01:15", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [], "hash": "65fabd8c3b92ccbba797b3dfba517234b9e0e8bc2464531f2cd64047dd457870", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-10-03T12:01:15", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 56}, "differentElements": ["extraReferences"], "edition": 6, "lastseen": "2020-10-03T12:01:15"}, {"bulletin": {"affectedSoftware": [{"name": "barracuda web_application_firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-02-21T13:06:26", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-02-21T13:06:26", "rev": 2, "value": 6.9, "vector": "NONE"}}, "hash": "4423bdd8d6936961112ee89e752cf7c866f443470052f4a4ac3529b4be6ae18f", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}, {"hash": "ee2d931efb4c4fa7a1a321df76c0b838", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-21T13:06:26", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 47}, "differentElements": ["cvss3", "affectedSoftware"], "edition": 4, "lastseen": "2020-02-21T13:06:26"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "enchantments": {"dependencies": {"modified": "2021-02-02T06:14:28", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2021-02-02T06:14:28", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "hash": "d6e72c33ebf3accfe25046812d0b1e7698f2d37c9159defa7c7bda26e2ab359b", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "073d5951cb97bd54baf9ef00e5950ef4", "key": "extraReferences"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "immutableFields": [], "lastseen": "2021-02-02T06:14:28", "modified": "2020-02-20T15:55:00", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 60}, "different_elements": ["cpeConfiguration"], "edition": 7, "lastseen": "2021-02-02T06:14:28"}], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13887", "SECURITYVULNS:DOC:31004"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:127740"]}, {"type": "exploitdb", "idList": ["EDB-ID:39278"]}], "modified": "2021-04-22T23:44:08", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-04-22T23:44:08", "rev": 2}}, "type": "cve", "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a97b191a26cb922c0b82d26c5f04f4db"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "832b9c21b4589969549f63eb0724398c"}, {"key": "cpe23", "hash": "405ecfc0fb244283a2773863614145bf"}, {"key": "cpeConfiguration", "hash": "238f536d7ccbcb60d24ab76ed2548b8b"}, {"key": "cvelist", "hash": "afd8c4a8002c25596504fc1efc107886"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "e63509ce8b627fb239a5a63969122026"}, {"key": "cvss3", "hash": "ad35358d166de03a84a3a9280d95337a"}, {"key": "cwe", "hash": "86870277fcb3e3e121fe9e4f1f7c2b51"}, {"key": "description", "hash": "584cd9e6927eaaa814c6545414f09911"}, {"key": "extraReferences", "hash": "073d5951cb97bd54baf9ef00e5950ef4"}, {"key": "href", "hash": "756bd44ad36e62b951b7a08611cbd3f5"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "92ee34fefd5301ff6ccb77b813c8d4f8"}, {"key": "published", "hash": "6c607768196e3786ab17cb3a6e516cad"}, {"key": "references", "hash": "cf46dbeffc0c7dc51130bcd388b4459a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "bc7f8fc71017e1124d57947313af5643"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "scheme": null, "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cwe": ["CWE-613"], "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "immutableFields": []}]}