{"id": "THN:76EF51D1EBDAA5B92DD55E9E74F5B542", "type": "thn", "bulletinFamily": "info", "title": "New UAF Vulnerability Affecting Microsoft Office to be Patched Today", "description": "[](<https://thehackernews.com/images/-edju9hCc180/YL9F82-HJ-I/AAAAAAAACyY/Eglamv1uxC8JTkLJAPnm_drppHXPoGw_ACLcBGAsYHQ/s0/microsoft-office-hack.jpg>)\n\nFour security vulnerabilities discovered in the Microsoft Office suite, including Excel and Office online, could be potentially abused by bad actors to deliver attack code via Word and Excel documents.\n\n\"Rooted from legacy code, the vulnerabilities could have granted an attacker the ability to execute code on targets via malicious Office documents, such as Word, Excel and Outlook,\" researchers from Check Point research said in a report [published](<https://research.checkpoint.com/2021/fuzzing-the-office-ecosystem/>) today.\n\nThree of the four flaws \u2014 tracked as CVE-2021-31174, CVE-2021-31178, CVE-2021-31179 \u2014 have been fixed by Microsoft as part of its [Patch Tuesday update](<https://thehackernews.com/2021/05/latest-microsoft-windows-updates-patch.html>) for May 2021, with the fourth patch (CVE-2021-31939) to be issued in June's update rolling out later today.\n\n[](<https://go.thn.li/1-300-4> \"Stack Overflow Teams\" )\n\nIn a hypothetical attack scenario, the researchers said the vulnerability could be triggered as simply as opening a malicious Excel (.XLS) file that's served via a download link or an email.\n\nArising out of parsing mistakes made in legacy code found in Excel 95 file formats, the vulnerabilities were found by [fuzzing](<https://en.wikipedia.org/wiki/Fuzzing>) MSGraph (\"MSGraph.Chart.8\"), a relatively under-analyzed component in Microsoft Office component that's at par to Microsoft Equation Editor in terms of the attack surface. Equation Editor, a now-defunct feature in Word, has become a part of the arsenal of several -related threat actors at least since late 2018.\n\n[](<https://thehackernews.com/images/-bjcZyuzLyz4/YL9HBOb1OZI/AAAAAAAACyg/pO5ACOkuVXIs6p2XOOA9cuKzjKAPXvSKQCLcBGAsYHQ/s0/ms-grap.jpg>)\n\n\"Since the entire Office suite has the ability to embed Excel objects, this broadens the attack vector, making it possible to execute such an attack on almost any Office software, including Word, Outlook and others,\" Check Point researchers said.\n\nThe list of four vulnerabilities are as follows -\n\n * [CVE-2021-31179](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31179>) \\- Microsoft Office Remote Code Execution Vulnerability\n * [CVE-2021-31174](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31174>) \\- Microsoft Excel Information Disclosure Vulnerability\n * [CVE-2021-31178](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31178>) \\- Microsoft Office Information DisclosureChinese Vulnerability\n * [CVE-2021-31939](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31939>) \\- Microsoft Excel Remote Code Execution Vulnerability\n\nMicrosoft, in its advisories for CVE-2021-31179 and CVE-2021-31939, noted that exploitation of the vulnerability requires that a user open a specially-crafted file, adding the adversary would have to trick victims into clicking a link that redirects users to the malicious document.\n\n[](<https://go.thn.li/privileged_728> \"Prevent Data Breaches\" )\n\n\"The vulnerabilities found affect almost the entire Microsoft Office ecosystem,\" said Yaniv Balmas, Head of Cyber Research at Check Point. \"It's possible to execute such an attack on almost any Office software, including Word, Outlook and others. One of the primary learnings from our research is that legacy code continues to be a weak link in the security chain, especially in complex software like Microsoft Office.\"\n\nWindows users are strongly recommended to apply the patches as soon as possible to mitigate the risk and avoid attacks that could exploit the aforementioned weaknesses.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2021-06-08T10:31:00", "modified": "2021-06-09T04:21:48", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://thehackernews.com/2021/06/new-uaf-vulnerability-affecting.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2021-31174", "CVE-2021-31178", "CVE-2021-31179", "CVE-2021-31939"], "immutableFields": [], "lastseen": "2021-06-09T04:42:52", "viewCount": 75, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-31179", "CVE-2021-31174", "CVE-2021-31178", "CVE-2021-31939"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31179/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31174/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31178/", "MSF:ILITIES/MSFT-CVE-2021-31179/"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_MAY_OFFICE_WEB.NASL", "SMB_NT_MS21_MAY_EXCEL.NASL", "SMB_NT_MS21_MAY_OFFICE.NASL", "SMB_NT_MS21_JUNE_OFFICE_WEB.NASL", "SMB_NT_MS21_JUN_EXCEL.NASL", "SMB_NT_MS21_JUN_OFFICE.NASL"]}, {"type": "mskb", "idList": ["KB5001955", "KB5001951", "KB5001936", "KB5001943", "KB5001963", "KB5001928", "KB5001927", "KB5001947", "KB5001914", "KB5001956"]}, {"type": "mscve", "idList": ["MS:CVE-2021-31939", "MS:CVE-2021-31174", "MS:CVE-2021-31178", "MS:CVE-2021-31179"]}, {"type": "zdi", "idList": ["ZDI-21-670"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:E44F025D612AC4EA5DF9F2B56FF8680C", "RAPID7BLOG:05A653A5E863B78EDD56FD74F059E02E"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:A8EE36FB3E891C73934CB1C60E3B3D41", "QUALYSBLOG:23EF75126B24C22C999DAD4D7A2E9DF5"]}], "modified": "2021-06-09T04:42:52", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2021-06-09T04:42:52", "rev": 2}, "vulnersScore": 5.0}, "cvss2": {}, "cvss3": {}}

{"cve": [{"lastseen": "2021-06-15T07:41:27", "description": "Microsoft Excel Remote Code Execution Vulnerability", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T23:15:00", "title": "CVE-2021-31939", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31939"], "modified": "2021-06-14T15:18:00", "cpe": ["cpe:/a:microsoft:office_web_apps_server:2013", "cpe:/a:microsoft:excel:2013", "cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office_online_server:-", "cpe:/a:microsoft:office:2013", "cpe:/a:microsoft:office:2016", "cpe:/a:microsoft:excel:2016", "cpe:/a:microsoft:office:2019"], "id": "CVE-2021-31939", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31939", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*"]}, {"lastseen": "2021-05-18T01:52:46", "description": "Microsoft Office Information Disclosure Vulnerability", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-05-11T19:15:00", "title": "CVE-2021-31178", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31178"], "modified": "2021-05-17T16:24:00", "cpe": ["cpe:/a:microsoft:word:2013", "cpe:/a:microsoft:office_web_apps_server:2013", "cpe:/a:microsoft:excel:2013", "cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office_online_server:-", "cpe:/a:microsoft:word:2016", "cpe:/a:microsoft:office:2013", "cpe:/a:microsoft:office:2016", "cpe:/a:microsoft:excel:2016", "cpe:/a:microsoft:office:2019"], "id": "CVE-2021-31178", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31178", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2016:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*"]}, {"lastseen": "2021-05-19T07:53:02", "description": "Microsoft Excel Information Disclosure Vulnerability", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-05-11T19:15:00", "title": "CVE-2021-31174", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31174"], "modified": "2021-05-18T12:46:00", "cpe": ["cpe:/a:microsoft:office_web_apps_server:2013", "cpe:/a:microsoft:excel:2013", "cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office_online_server:-", "cpe:/a:microsoft:office:2013", "cpe:/a:microsoft:office:2016", "cpe:/a:microsoft:excel:2016", "cpe:/a:microsoft:office:2019"], "id": "CVE-2021-31174", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31174", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*"]}, {"lastseen": "2021-05-18T01:52:46", "description": "Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31176, CVE-2021-31177.", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-11T19:15:00", "title": "CVE-2021-31179", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31179"], "modified": "2021-05-17T16:23:00", "cpe": ["cpe:/a:microsoft:office_web_apps_server:2013", "cpe:/a:microsoft:excel:2013", "cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office_online_server:-", "cpe:/a:microsoft:office:2013", "cpe:/a:microsoft:office:2016", "cpe:/a:microsoft:excel:2016", "cpe:/a:microsoft:office:2019"], "id": "CVE-2021-31179", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31179", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:office:2016:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*"]}], "mskb": [{"lastseen": "2021-07-31T09:42:39", "description": "# Description of the security update for Office 2016: May 11, 2021 (KB5001923)\n\n## Summary\n\nThis security update resolves a Microsoft Excel remote code execution\nvulnerability and Microsoft Office information disclosure vulnerability. To\nlearn more about the vulnerabilities, see the following security advisories:\n\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31174](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31174)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31175](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31175)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31178](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31178)\n * [Microsoft Common Vulnerabilities and Exposures CVE-2021-31179](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31179)\n\n **Note:** To apply this security update, you must have the release version of\nMicrosoft Office 2016 installed on the computer.\n\nBe aware that the update in the Microsoft Download Center applies to the\nMicrosoft Installer (.msi)-based edition of Office 2016. It doesn't apply to\nthe Office 2016 Click-to-Run editions, such as Microsoft Office 365 Home (see\n[What version of Office am I using?](https://support.office.com/article/About-\nOffice-What-version-of-Office-am-I-using-932788B8-A3CE-44BF-\nBB09-E334518B8B19)).\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB5001923)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 5001923 for the 32-bit version of Office 2016](http://www.microsoft.com/download/details.aspx?familyid=e24491cb-dccf-4eb2-98d7-ab9854d591eb)\n * [Download security update 5001923 for the 64-bit version of Office 2016](http://www.microsoft.com/download/details.aspx?familyid=b6372a8f-3ac4-46c3-ab1d-27e3082f205c)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: May 11, 2021](/en-us/topic/security-update-deployment-\ninformation-may-11-2021-kb5001871-b23ea9f6-2510-4bd1-8575-2ecbb6fa7886).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[4504724](https://support.microsoft.com/kb/4504724).\n\n### File hash information\n\nFile name| | SHA256 hash \n---|---|--- \ngraph2016-kb5001923-fullfile-x86-glb.exe| |\nBB54A9BCF0EA6E9EA16E0B4AAC1E44C80C3930E2191A78CD3C39BB7E7746C9E7 \ngraph2016-kb5001923-fullfile-x64-glb.exe| |\n4AD2E989BC32C554B949B77F31DE87BD8264F7BB4B00A6971642FAC6C2EA2DB9 \n \n### File information\n\nThe English (United States) version of this software update installs files\nthat have the attributes that are listed in the following table. The dates and\ntimes for these files are listed in Coordinated Universal Time (UTC). The\ndates and times for these files on your local computer are displayed in your\nlocal time together with your current daylight saving time (DST) bias.\nAdditionally, the dates and times may change when you perform certain\noperations on the files.\n\n## [ __For all supported x86-based versions of Office 2016](javascript:)\n\nFile identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \ngraph.exe| graph.exe| 16.0.5161.1000| 4420472| 15-Apr-21| 03:18 \n \n## [ __For all supported x64-based versions of Office 2016](javascript:)\n\nFile identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \ngraph.exe| graph.exe| 16.0.5161.1000| 5731704| 15-Apr-21| 03:22 \n \n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-11T07:00:00", "type": "mskb", "title": "Description of the security update for Office 2016: May 11, 2021 (KB5001923)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31174", "CVE-2021-31179", "CVE-2021-31178", "CVE-2021-31175"], "modified": "2021-05-11T07:00:00", "id": "KB5001923", "href": "https://support.microsoft.com/en-us/help/5001923", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-27T10:16:27", "description": "", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T07:00:00", "type": "mskb", "title": "Security update 2021-06-08", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31939"], "modified": "2021-06-08T07:00:00", "id": "KB5001955", "href": "https://support.microsoft.com/en-us/help/5001955", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-27T10:16:25", "description": "", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T07:00:00", "type": "mskb", "title": "Security update 2021-06-08", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31939"], "modified": "2021-06-08T07:00:00", "id": "KB5001943", "href": "https://support.microsoft.com/en-us/help/5001943", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-27T10:16:26", "description": "", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T07:00:00", "type": "mskb", "title": "Security update 2021-06-08", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31939"], "modified": "2021-06-08T07:00:00", "id": "KB5001947", "href": "https://support.microsoft.com/en-us/help/5001947", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-31T09:42:41", "description": "# Description of the security update for Office Web Apps Server 2013: June 8,\n2021 (KB5001956)\n\n## Summary\n\nThis security update resolves a Microsoft Excel remote code execution\nvulnerability. To learn more about the vulnerability, see [Microsoft Common\nVulnerabilities and Exposures\nCVE-2021-31939](https://msrc.microsoft.com/update-guide/en-\nUS/vulnerability/CVE-2021-31939).\n\n **Note:** To apply this security update, you must have the release version of\n[Service Pack 1 for Microsoft Office Web Apps Server\n2013](https://support.microsoft.com/kb/2880558) installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic\nupdating, this update will be downloaded and installed automatically. For more\ninformation about how to get security updates automatically, see [Windows\nUpdate: FAQ](https://support.microsoft.com/help/12373/windows-update-faq).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update\nCatalog](http://www.catalog.update.microsoft.com/Search.aspx?q=KB5001956)\nwebsite.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download\nCenter. Follow the installation instructions on the download page to install\nthe update.\n\n * [Download security update 5001956 for the 64-bit version of Office Web Apps Server 2013](http://www.microsoft.com/download/details.aspx?familyid=832cc522-e7bd-4ae0-aade-971186898774)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Security update deployment\ninformation: June 8, 2021 (KB5004128)](/en-us/topic/security-update-\ndeployment-information-\njune-8-2021-kb5004128-f637d1c5-31c1-4cd8-b99d-05612a834ded).\n\n### Security update replacement information\n\nThis security update replaces previously released security update\n[5001928](https://support.microsoft.com/kb/5001928).\n\n### File hash information\n\nFile name| | SHA256 hash \n---|---|--- \nWacServer2013-kb5001956-fullfile-x64-glb.exe| |\n3B6996D1DE60158905076DC629699E183F7F1FAD64B8B48A9EA780F8CE279325 \n \n### File information\n\nDownload [the list of files that are included in security update\n5001956](https://download.microsoft.com/download/7/3/5/73581df9-5772-4ca9-9e9d-bec40d53d3b7/5001956.csv).\n\n## Information about protection and security\n\nProtect yourself online: [Windows Security\nsupport](https://support.microsoft.com/hub/4099151)Learn how we guard against\ncyber threats: [Microsoft Security](https://www.microsoft.com/security)\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T07:00:00", "type": "mskb", "title": "Description of the security update for Office Web Apps Server 2013: June 8, 2021 (KB5001956)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31939"], "modified": "2021-06-08T07:00:00", "id": "KB5001956", "href": "https://support.microsoft.com/en-us/help/5001956", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-27T10:16:27", "description": "", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T07:00:00", "type": "mskb", "title": "Security update 2021-06-08", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31939"], "modified": "2021-06-08T07:00:00", "id": "KB5001951", "href": "https://support.microsoft.com/en-us/help/5001951", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-27T10:16:28", "description": "", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T07:00:00", "type": "mskb", "title": "Security update 2021-06-08", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31939"], "modified": "2021-06-08T07:00:00", "id": "KB5001963", "href": "https://support.microsoft.com/en-us/help/5001963", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-27T10:16:23", "description": "", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-11T07:00:00", "type": "mskb", "title": "Security update 2021-05-11", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31179"], "modified": "2021-05-11T07:00:00", "id": "KB5001927", "href": "https://support.microsoft.com/en-us/help/5001927", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-27T10:16:24", "description": "", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-11T07:00:00", "type": "mskb", "title": "Security update 2021-05-11", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31179"], "modified": "2021-05-11T07:00:00", "id": "KB5001936", "href": "https://support.microsoft.com/en-us/help/5001936", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-27T10:16:21", "description": "", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-11T07:00:00", "type": "mskb", "title": "Security update 2021-05-11", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31179"], "modified": "2021-05-11T07:00:00", "id": "KB5001914", "href": "https://support.microsoft.com/en-us/help/5001914", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "metasploit": [{"lastseen": "2021-05-13T20:52:01", "description": "Microsoft CVE-2021-31179: Microsoft Office Remote Code Execution Vulnerability\n", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Microsoft CVE-2021-31179: Microsoft Office Remote Code Execution Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31179"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/MSFT-CVE-2021-31179/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-05-13T20:51:59", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Microsoft CVE-2021-31178: Microsoft Office (Click-to-Run) Information Disclosure Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31178"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31178/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-05-13T20:51:55", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Microsoft CVE-2021-31174: Microsoft Excel (Click-to-Run) Information Disclosure Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31174"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31174/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-05-13T20:51:54", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Microsoft CVE-2021-31179: Microsoft Office (Click-to-Run) Remote Code Execution Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31179"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2021-31179/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2021-07-29T03:55:33", "description": "The Microsoft Excel Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-31175,\n CVE-2021-31177, CVE-2021-31179)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-31174, CVE-2021-31178)", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-11T00:00:00", "title": "Security Updates for Microsoft Excel Products (May 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31175", "CVE-2021-31179", "CVE-2021-31174", "CVE-2021-31177", "CVE-2021-31178"], "modified": "2021-05-11T00:00:00", "cpe": ["cpe:/a:microsoft:excel"], "id": "SMB_NT_MS21_MAY_EXCEL.NASL", "href": "https://www.tenable.com/plugins/nessus/149397", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149397);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/11\");\n\n script_cve_id(\n \"CVE-2021-31174\",\n \"CVE-2021-31175\",\n \"CVE-2021-31177\",\n \"CVE-2021-31178\",\n \"CVE-2021-31179\"\n );\n script_xref(name:\"MSKB\", value:\"5001918\");\n script_xref(name:\"MSKB\", value:\"5001936\");\n script_xref(name:\"MSFT\", value:\"MS21-5001918\");\n script_xref(name:\"IAVA\", value:\"2021-A-0228-S\");\n script_xref(name:\"MSFT\", value:\"MS21-5001936\");\n\n script_name(english:\"Security Updates for Microsoft Excel Products (May 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Excel Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Excel Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-31175,\n CVE-2021-31177, CVE-2021-31179)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-31174, CVE-2021-31178)\");\n # https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-excel-2016-may-11-2021-kb5001918-ded10733-528c-4f28-8ad1-65e2956fb2e3\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?354a1fb3\");\n # https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-excel-2013-may-11-2021-kb5001936-7ce6a5c0-9d60-4278-92f4-6538801e5c2b\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1df6f8ba\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB5001918\n -KB5001936\n\nFor Office 365, Office 2016 C2R, or Office 2019, ensure automatic\nupdates are enabled or open any office app and manually perform an\nupdate.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31175\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_office_compatibility_pack_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-05';\nvar kbs = make_list(\n '5001918',\n '5001936'\n);\n\nif (get_kb_item('Host/patch_management_checks'))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1);\n\nvar port = kb_smb_transport();\n\nvar checks = make_array(\n '15.0', make_array('sp', 1, 'version', '15.0.5345.1000', 'kb', '5001936'),\n '16.0', make_nested_list(\n make_array('sp', 0, 'version', '16.0.5161.1000', 'channel', 'MSI', 'kb', '5001918'),\n make_array('version', '16.0.13127.21624', 'channel', 'Deferred','channel_version', '2008'),\n make_array('version', '16.0.12527.21912', 'channel', 'Deferred'),\n make_array('version', '16.0.13901.20516', 'channel', 'Enterprise Deferred', 'channel_version', '2103'),\n make_array('version', '16.0.13801.20638', 'channel', 'Enterprise Deferred'),\n make_array('version', '16.0.13801.20638', 'channel', 'First Release for Deferred'),\n make_array('version', '16.0.13929.20372', 'channel', 'Current'),\n make_array('version', '16.0.10374.20040', 'channel', '2019 Volume'),\n make_array('version', '16.0.13929.20372', 'channel', '2019 Retail')\n )\n);\n\nif (hotfix_check_office_product(product:'Excel', checks:checks, bulletin:bulletin))\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-29T03:55:33", "description": "The Microsoft Office Web Apps installation on the remote\nhost is missing security updates. It is, therefore, affected\nby multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-31175,\n CVE-2021-31177, CVE-2021-31179)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-31174, CVE-2021-31178)", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-11T00:00:00", "title": "Security Updates for Microsoft Office Web Apps (May 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31175", "CVE-2021-31179", "CVE-2021-31174", "CVE-2021-31177", "CVE-2021-31178"], "modified": "2021-05-11T00:00:00", "cpe": ["cpe:/a:microsoft:office_web_apps"], "id": "SMB_NT_MS21_MAY_OFFICE_WEB.NASL", "href": "https://www.tenable.com/plugins/nessus/149387", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149387);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/11\");\n\n script_cve_id(\n \"CVE-2021-31174\",\n \"CVE-2021-31175\",\n \"CVE-2021-31177\",\n \"CVE-2021-31178\",\n \"CVE-2021-31179\"\n );\n script_xref(name:\"MSKB\", value:\"5001914\");\n script_xref(name:\"MSKB\", value:\"5001928\");\n script_xref(name:\"MSFT\", value:\"MS21-5001914\");\n script_xref(name:\"IAVA\", value:\"2021-A-0225-S\");\n script_xref(name:\"MSFT\", value:\"MS21-5001928\");\n\n script_name(english:\"Security Updates for Microsoft Office Web Apps (May 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Web Apps installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Web Apps installation on the remote\nhost is missing security updates. It is, therefore, affected\nby multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-31175,\n CVE-2021-31177, CVE-2021-31179)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-31174, CVE-2021-31178)\");\n # https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-office-online-server-may-11-2021-kb5001914-a30f14fa-fc07-47d0-93e0-5beec98dd2a6\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3ef32b8b\");\n # https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-office-web-apps-server-2013-may-11-2021-kb5001928-353b9fdc-3732-4900-a73e-6e82dc6183d2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97b40ee7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB5001914\n -KB5001928\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31175\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_web_apps\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_owa_installed.nbin\", \"microsoft_office_compatibility_pack_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar path, vuln;\n\nvar bulletin = 'MS21-05';\nvar kbs = make_list('5001928', '5001914');\n\nif (get_kb_item('Host/patch_management_checks')) \n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1);\n\nvar port = kb_smb_transport();\n\n# Get installs of Office Web Apps\nvar owa_installs = get_installs(app_name:'Microsoft Office Web Apps');\n\nif (!empty_or_null(owa_installs))\n{\n var owa_install;\n foreach owa_install (owa_installs[1])\n {\n if (owa_install['Product'] == '2013')\n {\n var owa_2013_path = owa_install['path'];\n var owa_2013_sp = owa_install['SP'];\n }\n else if (owa_install['Product'] == '2016')\n {\n var oos_path = owa_install['path'];\n var oos_sp = owa_install['SP'];\n }\n }\n}\nvuln = FALSE;\n\n####################################################################\n# Office Web Apps 2013 SP1\n####################################################################\nif (owa_2013_path && (!isnull(owa_2013_sp) && owa_2013_sp == '1'))\n{\n path = hotfix_append_path(path:owa_2013_path, value:'WordConversionService\\\\bin\\\\Converter');\n if (hotfix_check_fversion(file:'sword.dll', version:'15.0.5345.1000', min_version:'15.0.0.0', path:path, kb:'5001928', product:'Office Web Apps 2013') == HCF_OLDER)\n vuln = TRUE;\n}\n\n####################################################################\n# Office Online Server\n####################################################################\nif (oos_path && (!isnull(oos_sp) && oos_sp == '0'))\n{\n path = hotfix_append_path(path:oos_path, value:'WordConversionService\\\\bin\\\\Converter');\n if (hotfix_check_fversion(file:'sword.dll', version:'16.0.10374.20000', min_version:'16.0.0.0', path:path, kb:'5001914', product:'Office Online Server') == HCF_OLDER)\n vuln = TRUE;\n}\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-29T03:55:33", "description": "The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-28455, CVE-2021-31175, CVE-2021-31176, CVE-2021-31177,\n CVE-2021-31179, CVE-2021-31180)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive\n information. (CVE-2021-31174, CVE-2021-31178)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-11T00:00:00", "title": "Security Updates for Microsoft Office Products (May 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31176", "CVE-2021-31180", "CVE-2021-31175", "CVE-2021-31179", "CVE-2021-31174", "CVE-2021-31177", "CVE-2021-28455", "CVE-2021-31178"], "modified": "2021-05-11T00:00:00", "cpe": ["cpe:/a:microsoft:office"], "id": "SMB_NT_MS21_MAY_OFFICE.NASL", "href": "https://www.tenable.com/plugins/nessus/149401", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149401);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/11\");\n\n script_cve_id(\n \"CVE-2021-28455\",\n \"CVE-2021-31174\",\n \"CVE-2021-31175\",\n \"CVE-2021-31176\",\n \"CVE-2021-31178\",\n \"CVE-2021-31179\",\n \"CVE-2021-31180\"\n );\n script_xref(name:\"MSKB\", value:\"4464542\");\n script_xref(name:\"MSKB\", value:\"4493197\");\n script_xref(name:\"MSKB\", value:\"4493206\");\n script_xref(name:\"MSKB\", value:\"5001920\");\n script_xref(name:\"MSKB\", value:\"5001923\");\n script_xref(name:\"MSKB\", value:\"5001925\");\n script_xref(name:\"MSKB\", value:\"5001927\");\n script_xref(name:\"MSFT\", value:\"MS21-4464542\");\n script_xref(name:\"MSFT\", value:\"MS21-4493206\");\n script_xref(name:\"MSFT\", value:\"MS21-4493197\");\n script_xref(name:\"MSFT\", value:\"MS21-5001920\");\n script_xref(name:\"MSFT\", value:\"MS21-5001923\");\n script_xref(name:\"MSFT\", value:\"MS21-5001925\");\n script_xref(name:\"MSFT\", value:\"MS21-5001927\");\n script_xref(name:\"IAVA\", value:\"2021-A-0225-S\");\n\n script_name(english:\"Security Updates for Microsoft Office Products (May 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-28455, CVE-2021-31175, CVE-2021-31176, CVE-2021-31177,\n CVE-2021-31179, CVE-2021-31180)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive\n information. (CVE-2021-31174, CVE-2021-31178)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4464542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4493197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4493206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001920\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001927\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address these issues: \n -KB4464542\n -KB4493206\n -KB4493197\n -KB5001920\n -KB5001923\n -KB5001925\n -KB5001927\n \nFor Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and\nmanually perform an update.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31179\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-05';\nvar kbs = make_list(\n '4464542',\n '4493197',\n '4493206',\n '5001920',\n '5001923',\n '5001925',\n '5001927'\n);\n\nif (get_kb_item('Host/patch_management_checks'))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1);\n\nvar vuln = FALSE;\nvar port = kb_smb_transport();\n\nvar office_vers = hotfix_check_office_version();\nvar office_sp, prod, path, kb, file, version;\n\n# Office 2013 SP1\nif (office_vers['15.0'])\n{\n office_sp = get_kb_item('SMB/Office/2013/SP');\n if (!isnull(office_sp) && office_sp == 1)\n {\n prod = 'Microsoft Office 2013 SP1';\n\n path = hotfix_get_officecommonfilesdir(officever:'15.0');\n path = hotfix_append_path(path:path, value:'Microsoft Shared\\\\Office15');\n kb = '5001925';\n file = 'mso.dll';\n version = '15.0.5345.1002';\n if (hotfix_check_fversion(file:file, version:version, path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER )\n vuln = TRUE;\n\n path = hotfix_get_officeprogramfilesdir(officever:'15.0');\n path = hotfix_append_path(path:path, value:'Microsoft Office\\\\Office15');\n kb = '5001927';\n file = 'graph.exe';\n version = '15.0.5345.1000';\n if (hotfix_check_fversion(file:file, version:version, path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER )\n vuln = TRUE;\n\n path = hotfix_get_officecommonfilesdir(officever:'15.0');\n path = hotfix_append_path(path:path, value:'Microsoft Shared\\\\Office15');\n kb = '4493206';\n file = 'acecore.dll';\n version = '15.0.5345.1001';\n if (hotfix_check_fversion(file:file, version:version, path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER )\n vuln = TRUE;\n\n path = hotfix_get_officeprogramfilesdir(officever:'15.0');\n path = hotfix_append_path(path:path, value:'Microsoft Office\\\\Office15');\n kb = '4464542';\n file = 'oart.dll';\n version = '15.0.5345.1000';\n if (hotfix_check_fversion(file:file, version:version, path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER )\n vuln = TRUE;\n }\n}\n\n# Office 2016\nif (office_vers['16.0'])\n{\n office_sp = get_kb_item('SMB/Office/2016/SP');\n if (!isnull(office_sp) && office_sp == 0)\n {\n prod = 'Microsoft Office 2016';\n \n # MSI graph.exe\n path = hotfix_get_officeprogramfilesdir(officever:'16.0');\n path = hotfix_append_path(path:path, value:'Microsoft Office\\\\Office16');\n if (hotfix_check_fversion(file:'graph.exe', version:'16.0.5161.1000', channel:'MSI', channel_product:'Office', path:path, kb:'5001923', bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n \n # MSI mso.dll\n path = hotfix_get_officecommonfilesdir(officever:'16.0');\n path = hotfix_append_path(path:path, value:'Microsoft Shared\\\\Office16');\n if (hotfix_check_fversion(file:'mso.dll', version:'16.0.5161.1002', channel:'MSI', channel_product:'Office', path:path, kb:'5001920', bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n \n # MSI acecore.dll\n path = hotfix_get_officecommonfilesdir(officever:'16.0');\n path = hotfix_append_path(path:path, value:'Microsoft Shared\\\\Office16');\n if (hotfix_check_fversion(file:'acecore.dll', version:'16.0.5161.1001', channel:'MSI', channel_product:'Office', path:path, kb:'4493197', bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\n# Office 2019\nif (office_vers['16.0'])\n{\n office_sp = get_kb_item('SMB/Office/2016/SP');\n if (!isnull(office_sp) && office_sp == 0)\n {\n prod2019 = 'Microsoft Office 2019';\n path = hotfix_get_officeprogramfilesdir(officever:'16.0');\n path = hotfix_append_path(path:path, value:'Microsoft Office\\\\root\\\\Office16');\n\n if (\n hotfix_check_fversion(file:'graph.exe', version:'16.0.13127.21624', channel:'Deferred', channel_version:'2008', channel_product:'Office', path:path, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:'graph.exe', version:'16.0.12527.21912', channel:'Deferred', channel_product:'Office', path:path, bulletin:bulletin, product:prod) == HCF_OLDER ||\n\n hotfix_check_fversion(file:'graph.exe', version:'16.0.13901.20516', channel:'Enterprise Deferred', channel_product:'Office', channel_version:'2103', path:path, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:'graph.exe', version:'16.0.13801.20638', channel:'Enterprise Deferred', channel_product:'Office', path:path, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:'graph.exe', version:'16.0.13801.20638', channel:'First Release for Deferred', channel_product:'Office', path:path, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:'graph.exe', version:'16.0.13929.20372', channel:'Current', channel_product:'Office', path:path, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:'graph.exe', version:'16.0.13929.20372', channel:'2019 Retail', channel_product:'Office', path:path, bulletin:bulletin, product:prod2019) == HCF_OLDER ||\n hotfix_check_fversion(file:'graph.exe', version:'16.0.10374.20040', channel:'2019 Volume', channel_product:'Office', path:path, bulletin:bulletin, product:prod2019) == HCF_OLDER\n )\n vuln = TRUE;\n }\n checks = make_array(\n '16.0', make_nested_list(\n make_array('version', '16.0.13127.21624', 'channel', 'Deferred','channel_version', '2008'),\n make_array('version', '16.0.12527.21912', 'channel', 'Deferred'),\n make_array('version', '16.0.13901.20516', 'channel', 'Enterprise Deferred', 'channel_version', '2103'),\n make_array('version', '16.0.13801.20638', 'channel', 'Enterprise Deferred'),\n make_array('version', '16.0.13801.20638', 'channel', 'First Release for Deferred'),\n make_array('version', '16.0.13929.20372', 'channel', 'Current'),\n make_array('version', '16.0.10374.20040', 'channel', '2019 Volume'),\n make_array('version', '16.0.13929.20372', 'channel', '2019 Retail')\n )\n );\n if (hotfix_check_office_product(product:'Excel', checks:checks, bulletin:bulletin))\n vuln = TRUE;\n}\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-29T03:55:27", "description": "The Microsoft Excel Products are missing security updates. It is, therefore, affected by a remote code execution\nvulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "title": "Security Updates for Microsoft Excel Products (June 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31939"], "modified": "2021-06-08T00:00:00", "cpe": ["cpe:/a:microsoft:excel"], "id": "SMB_NT_MS21_JUN_EXCEL.NASL", "href": "https://www.tenable.com/plugins/nessus/150371", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150371);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/16\");\n\n script_cve_id(\"CVE-2021-31939\");\n script_xref(name:\"MSKB\", value:\"5001963\");\n script_xref(name:\"MSKB\", value:\"5001947\");\n script_xref(name:\"MSFT\", value:\"MS21-5001963\");\n script_xref(name:\"MSFT\", value:\"MS21-5001947\");\n script_xref(name:\"IAVA\", value:\"2021-A-0272-S\");\n\n script_name(english:\"Security Updates for Microsoft Excel Products (June 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Excel Products are affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Excel Products are missing security updates. It is, therefore, affected by a remote code execution\nvulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001963\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB5001947\n -KB5001963\n \nFor Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and\nmanually perform an update.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31939\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_office_compatibility_pack_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-06';\nvar kbs = make_list(\n '5001963',\n '5001947'\n);\n\nif (get_kb_item('Host/patch_management_checks'))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1);\n\nvar port = kb_smb_transport();\n\nvar checks = make_array(\n '15.0', make_array('sp', 1, 'version', '15.0.5353.1000', 'kb', '5001963'),\n '16.0', make_nested_list(\n make_array('sp', 0, 'version', '16.0.5173.1000', 'channel', 'MSI', 'kb', '5001947'),\n make_array('version', '16.0.13127.21668', 'channel', 'Deferred','channel_version', '2008'),\n make_array('version', '16.0.12527.21952', 'channel', 'Deferred'),\n make_array('version', '16.0.13901.20554', 'channel', 'Enterprise Deferred', 'channel_version', '2103'),\n make_array('version', '16.0.13929.20408', 'channel', 'Enterprise Deferred'),\n make_array('version', '16.0.13801.20738', 'channel', 'First Release for Deferred'),\n make_array('version', '16.0.14026.20270', 'channel', 'Current'),\n make_array('version', '16.0.10375.20036', 'channel', '2019 Volume'),\n make_array('version', '16.0.14026.20270', 'channel', '2019 Retail')\n )\n);\n\nif (hotfix_check_office_product(product:'Excel', checks:checks, bulletin:bulletin))\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-29T03:55:28", "description": "The Microsoft Office Web Apps installation on the remote\nhost is missing security updates. It is, therefore, affected\nby a remote code execution vulnerability. An attacker can\nexploit this to bypass authentication and execute unauthorized \narbitrary commands. (CVE-2021-31939)", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "title": "Security Updates for Microsoft Office Web Apps (June 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31939"], "modified": "2021-06-08T00:00:00", "cpe": ["cpe:/a:microsoft:office_web_apps"], "id": "SMB_NT_MS21_JUNE_OFFICE_WEB.NASL", "href": "https://www.tenable.com/plugins/nessus/150358", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150358);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/11\");\n\n script_cve_id(\"CVE-2021-31939\");\n script_xref(name:\"MSKB\", value:\"5001943\");\n script_xref(name:\"MSKB\", value:\"5001956\");\n script_xref(name:\"MSFT\", value:\"MS21-5001943\");\n script_xref(name:\"MSFT\", value:\"MS21-5001956\");\n script_xref(name:\"IAVA\", value:\"2021-A-0275\");\n\n script_name(english:\"Security Updates for Microsoft Office Web Apps (June 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Web Apps installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Web Apps installation on the remote\nhost is missing security updates. It is, therefore, affected\nby a remote code execution vulnerability. An attacker can\nexploit this to bypass authentication and execute unauthorized \narbitrary commands. (CVE-2021-31939)\");\n # https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-office-online-server-june-8-2021-kb5001943-ec5e326a-2afc-4b60-92bf-c5c372cb5213\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?80cb3bac\");\n # https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-office-web-apps-server-2013-june-8-2021-kb5001956-ca83e973-52ae-4054-817c-914bb465852a\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4c4e4df7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB5001943\n -KB5001956\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31939\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_web_apps\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_owa_installed.nbin\", \"microsoft_office_compatibility_pack_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar path, vuln;\n\nvar bulletin = 'MS21-06';\nvar kbs = make_list('5001956', '5001943');\n\nif (get_kb_item('Host/patch_management_checks')) \n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1);\n\nvar port = kb_smb_transport();\n\n# Get installs of Office Web Apps\nvar owa_installs = get_installs(app_name:'Microsoft Office Web Apps');\n\nif (!empty_or_null(owa_installs))\n{\n var owa_install;\n foreach owa_install (owa_installs[1])\n {\n if (owa_install['Product'] == '2013')\n {\n var owa_2013_path = owa_install['path'];\n var owa_2013_sp = owa_install['SP'];\n }\n else if (owa_install['Product'] == '2016')\n {\n var oos_path = owa_install['path'];\n var oos_sp = owa_install['SP'];\n }\n }\n}\nvuln = FALSE;\n\n####################################################################\n# Office Web Apps 2013 SP1\n####################################################################\nif (owa_2013_path && (!isnull(owa_2013_sp) && owa_2013_sp == '1'))\n{\n path = hotfix_append_path(path:owa_2013_path, value:'WordConversionService\\\\bin\\\\Converter');\n if (hotfix_check_fversion(file:'sword.dll', version:'15.0.5353.1000', min_version:'15.0.0.0', path:path, kb:'5001956', product:'Office Web Apps 2013') == HCF_OLDER)\n vuln = TRUE;\n}\n\n####################################################################\n# Office Online Server\n####################################################################\nif (oos_path && (!isnull(oos_sp) && oos_sp == '0'))\n{\n path = hotfix_append_path(path:oos_path, value:'WordConversionService\\\\bin\\\\Converter');\n if (hotfix_check_fversion(file:'sword.dll', version:'16.0.10375.20000', min_version:'16.0.0.0', path:path, kb:'5001943', product:'Office Online Server') == HCF_OLDER)\n vuln = TRUE;\n}\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-29T03:55:27", "description": "The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - Microsoft Excel remote code execution vulnerability. An attacker can exploit this to bypass authentication and\n execute unauthorized arbitrary commands. (CVE-2021-31939)\n\n - Microsoft Office Graphics remote code execution vulnerability. An attacker can exploit this to bypass authentication\n and execute unauthorized arbitrary commands. (CVE-2021-31940, CVE-2021-31941)\n \nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "title": "Security Updates for Microsoft Office Products (June 2021)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31941", "CVE-2021-31949", "CVE-2021-31940", "CVE-2021-31939"], "modified": "2021-06-08T00:00:00", "cpe": ["cpe:/a:microsoft:office"], "id": "SMB_NT_MS21_JUN_OFFICE.NASL", "href": "https://www.tenable.com/plugins/nessus/150356", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150356);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/11\");\n\n script_cve_id(\n \"CVE-2021-31939\",\n \"CVE-2021-31940\",\n \"CVE-2021-31941\",\n \"CVE-2021-31949\"\n );\n script_xref(name:\"MSKB\", value:\"5001950\");\n script_xref(name:\"MSKB\", value:\"5001955\");\n script_xref(name:\"MSKB\", value:\"5001951\");\n script_xref(name:\"MSKB\", value:\"5001953\");\n script_xref(name:\"MSFT\", value:\"MS21-5001950\");\n script_xref(name:\"MSFT\", value:\"MS21-5001955\");\n script_xref(name:\"MSFT\", value:\"MS21-5001951\");\n script_xref(name:\"MSFT\", value:\"MS21-5001953\");\n script_xref(name:\"IAVA\", value:\"2021-A-0275\");\n\n script_name(english:\"Security Updates for Microsoft Office Products (June 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - Microsoft Excel remote code execution vulnerability. An attacker can exploit this to bypass authentication and\n execute unauthorized arbitrary commands. (CVE-2021-31939)\n\n - Microsoft Office Graphics remote code execution vulnerability. An attacker can exploit this to bypass authentication\n and execute unauthorized arbitrary commands. (CVE-2021-31940, CVE-2021-31941)\n \nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001955\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n -KB5001950\n -KB5001951\n -KB5001953\n -KB5001955\n \nFor Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and\nmanually perform an update.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31941\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-06';\nvar kbs = make_list(\n '5001950',\n '5001955',\n '5001951',\n '5001953'\n);\n\nif (get_kb_item('Host/patch_management_checks'))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1);\n\nvar vuln = FALSE;\nvar port = kb_smb_transport();\n\nvar office_vers = hotfix_check_office_version();\nvar office_sp, prod, path, kb, file, version;\n\n# Office 2013 SP1\nif (office_vers['15.0'])\n{\n office_sp = get_kb_item('SMB/Office/2013/SP');\n if (!isnull(office_sp) && office_sp == 1)\n {\n prod = 'Microsoft Office 2013 SP1';\n\n path = hotfix_get_officeprogramfilesdir(officever:'15.0');\n path = hotfix_append_path(path:path, value:'Microsoft Office\\\\Office15');\n kb = '5001955';\n file = 'graph.exe';\n version = '15.0.5353.1000';\n if (hotfix_check_fversion(file:file, version:version, path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER )\n vuln = TRUE;\n\n path = hotfix_get_officecommonfilesdir(officever:'15.0');\n path = hotfix_append_path(path:path, value:'Microsoft Shared\\\\Office15');\n kb = '5001953';\n file = 'mso.dll';\n version = '15.0.5353.1000';\n if (hotfix_check_fversion(file:file, version:version, path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER )\n vuln = TRUE;\n }\n}\n\n# Office 2016\nif (office_vers['16.0'])\n{\n office_sp = get_kb_item('SMB/Office/2016/SP');\n if (!isnull(office_sp) && office_sp == 0)\n {\n prod = 'Microsoft Office 2016';\n \n # MSI mso.dll\n path = hotfix_get_officecommonfilesdir(officever:'16.0');\n path = hotfix_append_path(path:path, value:'Microsoft Shared\\\\Office16');\n if (hotfix_check_fversion(file:'mso.dll', version:'16.0.5173.1000', channel:'MSI', channel_product:'Office', path:path, kb:'5001950', bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n \n # MSI graph.exe\n path = hotfix_get_officeprogramfilesdir(officever:'16.0');\n path = hotfix_append_path(path:path, value:'Microsoft Office\\\\Office16');\n if (hotfix_check_fversion(file:'graph.exe', version:'16.0.5173.1000', channel:'MSI', channel_product:'Office', path:path, kb:'5001951', bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\n# Office 2019\nif (office_vers['16.0'])\n{\n office_sp = get_kb_item('SMB/Office/2016/SP');\n if (!isnull(office_sp) && office_sp == 0)\n {\n var prod2019 = 'Microsoft Office 2019';\n path = hotfix_get_officeprogramfilesdir(officever:'16.0');\n path = hotfix_append_path(path:path, value:'Microsoft Office\\\\root\\\\Office16');\n\n if (\n hotfix_check_fversion(file:'graph.exe', version:'16.0.13127.21668', channel:'Deferred', channel_version:'2008', channel_product:'Office', path:path, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:'graph.exe', version:'16.0.12527.21952', channel:'Deferred', channel_product:'Office', path:path, bulletin:bulletin, product:prod) == HCF_OLDER ||\n\n hotfix_check_fversion(file:'graph.exe', version:'16.0.13901.20554', channel:'Enterprise Deferred', channel_product:'Office', channel_version:'2103', path:path, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:'graph.exe', version:'16.0.13929.20408', channel:'Enterprise Deferred', channel_product:'Office', path:path, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:'graph.exe', version:'16.0.13801.20738', channel:'First Release for Deferred', channel_product:'Office', path:path, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:'graph.exe', version:'16.0.14026.20270', channel:'Current', channel_product:'Office', path:path, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:'graph.exe', version:'16.0.14026.20270', channel:'2019 Retail', channel_product:'Office', path:path, bulletin:bulletin, product:prod2019) == HCF_OLDER ||\n hotfix_check_fversion(file:'graph.exe', version:'16.0.10375.20036', channel:'2019 Volume', channel_product:'Office', path:path, bulletin:bulletin, product:prod2019) == HCF_OLDER\n )\n vuln = TRUE;\n }\n checks = make_array(\n '16.0', make_nested_list(\n make_array('version', '16.0.13127.21668', 'channel', 'Deferred','channel_version', '2008'),\n make_array('version', '16.0.12527.21952', 'channel', 'Deferred'),\n make_array('version', '16.0.13901.20554', 'channel', 'Enterprise Deferred', 'channel_version', '2103'),\n make_array('version', '16.0.13929.20408', 'channel', 'Enterprise Deferred'),\n make_array('version', '16.0.13801.20738', 'channel', 'First Release for Deferred'),\n make_array('version', '16.0.14026.20270', 'channel', 'Current'),\n make_array('version', '16.0.10375.20036', 'channel', '2019 Volume'),\n make_array('version', '16.0.14026.20270', 'channel', '2019 Retail')\n )\n );\n if (hotfix_check_office_product(product:'Excel', checks:checks, bulletin:bulletin))\n vuln = TRUE;\n}\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mscve": [{"lastseen": "2021-07-31T08:00:12", "description": "Microsoft Office Information Disclosure Vulnerability \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-05-11T07:00:00", "type": "mscve", "title": "Microsoft Office Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31178"], "modified": "2021-05-11T07:00:00", "id": "MS:CVE-2021-31178", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31178", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-31T11:19:55", "description": "Microsoft Excel Information Disclosure Vulnerability \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-05-11T07:00:00", "type": "mscve", "title": "Microsoft Excel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31174"], "modified": "2021-05-11T07:00:00", "id": "MS:CVE-2021-31174", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31174", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-01T04:40:24", "description": "Microsoft Excel Remote Code Execution Vulnerability \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-08T07:00:00", "type": "mscve", "title": "Microsoft Excel Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31939"], "modified": "2021-06-08T07:00:00", "id": "MS:CVE-2021-31939", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31939", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-31T08:00:12", "description": "Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31176, CVE-2021-31177. \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-11T07:00:00", "type": "mscve", "title": "Microsoft Office Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31179"], "modified": "2021-05-11T07:00:00", "id": "MS:CVE-2021-31179", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31179", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "zdi": [{"lastseen": "2021-06-10T16:32:00", "bulletinFamily": "info", "cvelist": ["CVE-2021-31939"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2021-06-10T00:00:00", "published": "2021-06-10T00:00:00", "id": "ZDI-21-670", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-670/", "title": "Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}], "rapid7blog": [{"lastseen": "2021-05-22T09:01:54", "description": "\n\nHere we are again with another installment of Patch Tuesday. When compared to the past few months this one feels a bit light both in severity and number of vulnerabilities addressed. Microsoft has only released patches for 55 CVEs this month, less than half of the usual volume, with only 4 of them being scored as critical. Let's dive into the details.\n\n## HTTP Protocol Stack Remote Code Execution Vulnerability - [[[CVE-2021-31166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207>)](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166>)](<https://blog.rapid7.com/p/a0284057-0a58-48f2-89f5-a9b1d04661c3/CVE-2021-31166>)\n\nThe hottest vulnerability this month is in the HTTP.sys library. If an attacker has network access to a webserver running on an unpatched asset they may be able to send a specially crafted packet which could result in RCE. This was found internally by Microsoft and has not yet been observed in the wild. However, it is only a matter of time before someone figures out how to craft that special packet and we start to see widespread use against Windows 10 and Windows Server machines. Rated at 9.8, this potentially wormable vulnerability should be a high priority for remediation.\n\n## Hyper-V Remote Code Execution - [CVE-2021-28476](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28476>)\n\nThere is some debate whether this vulnerability deserves its assigned 9.9 severity score. The limited details indicate that the most likely use of this bug is to cause a DoS on the Hyper-V host. This can cause a good amount of trouble for anyone running virtual machines but is not as damaging as the theoretical RCE this vulnerability could provide. In either case this is a good patch to put at the top of the todo-list.\n\n## Exchange Server Security Feature Bypass - [CVE-2021-31207](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207>)\n\nNot to be outdone, Exchange Server is back again with yet another patch. This one is not nearly as high profile as the recent vulnerability which saw widespread use, but still an important patch to apply given that Exchange Servers are almost always exposed to the internet. There are a few other less severe vulnerabilities this month for Exchange which were disclosed at Pwn2Own in April. We expect to see a continued focus on Exchange Server in the months to come.\n\n## Summary Tables\n\n## Azure Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31936](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31936>) | Microsoft Accessibility Insights for Web Information Disclosure Vulnerability | No | No | 7.4 | Yes \n \n## Browser ESU Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26419](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26419>) | Scripting Engine Memory Corruption Vulnerability | No | No | 7.5 | Yes \n \n## Developer Tools Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27068](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27068>) | Visual Studio Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-31213](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31213>) | Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31211](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31211>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31214](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31214>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31204](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31204>) | .NET and Visual Studio Elevation of Privilege Vulnerability | No | Yes | 7.3 | No \n \n## Exchange Server Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31209](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31209>) | Microsoft Exchange Server Spoofing Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-31207](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207>) | Microsoft Exchange Server Security Feature Bypass Vulnerability | No | Yes | 6.6 | Yes \n[CVE-2021-31198](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31198>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-31195](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 6.5 | No \n \n## Microsoft Dynamics Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-28461](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28461>) | Dynamics Finance and Operations Cross-site Scripting Vulnerability | No | No | 6.1 | No \n \n## Microsoft Office Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26421](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26421>) | Skype for Business and Lync Spoofing Vulnerability | No | No | 6.5 | No \n[CVE-2021-26422](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26422>) | Skype for Business and Lync Remote Code Execution Vulnerability | No | No | 7.2 | No \n[CVE-2021-28478](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28478>) | Microsoft SharePoint Spoofing Vulnerability | No | No | 7.6 | No \n[CVE-2021-31172](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31172>) | Microsoft SharePoint Spoofing Vulnerability | No | No | 7.1 | No \n[CVE-2021-26418](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26418>) | Microsoft SharePoint Spoofing Vulnerability | No | No | 4.6 | No \n[CVE-2021-28474](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28474>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-31173](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31173>) | Microsoft SharePoint Server Information Disclosure Vulnerability | No | No | 5.3 | Yes \n[CVE-2021-31181](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31181>) | Microsoft SharePoint Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-31171](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31171>) | Microsoft SharePoint Information Disclosure Vulnerability | No | No | 4.1 | Yes \n[CVE-2021-31175](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31175>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31176](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31176>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31177](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31177>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31179](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31179>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31178](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31178>) | Microsoft Office Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-31180](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31180>) | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31174](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31174>) | Microsoft Excel Information Disclosure Vulnerability | No | No | 5.5 | Yes \n \n## Open Source Software Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31200](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31200>) | Common Utilities Remote Code Execution Vulnerability | No | Yes | 7.2 | Yes \n \n## Windows Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31187](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31187>) | Windows WalletService Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31205](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31205>) | Windows SMB Client Security Feature Bypass Vulnerability | No | No | 4.3 | Yes \n[CVE-2021-31191](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31191>) | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-31192](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31192>) | Windows Media Foundation Core Remote Code Execution Vulnerability | No | No | 7.3 | No \n[CVE-2021-31170](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31170>) | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31185](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31185>) | Windows Desktop Bridge Denial of Service Vulnerability | No | No | 5.5 | No \n[CVE-2021-31165](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31165>) | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31167](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31167>) | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31168](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31168>) | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31169](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31169>) | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31208](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31208>) | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31190](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31190>) | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-28479](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28479>) | Windows CSC Service Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-28465](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28465>) | Web Media Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31166>) | HTTP Protocol Stack Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n \n## Windows ESU Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2020-24588](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-24588>) | Windows Wireless Networking Spoofing Vulnerability | No | No | 6.5 | No \n[CVE-2020-26144](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26144>) | Windows Wireless Networking Spoofing Vulnerability | No | No | 6.5 | No \n[CVE-2020-24587](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-24587>) | Windows Wireless Networking Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-31193](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31193>) | Windows SSDP Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31186](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31186>) | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | No | No | 7.4 | Yes \n[CVE-2021-31188](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31188>) | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31194](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31194>) | OLE Automation Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-31184](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31184>) | Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-31182](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31182>) | Microsoft Bluetooth Driver Spoofing Vulnerability | No | No | 7.1 | No \n[CVE-2021-28476](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28476>) | Hyper-V Remote Code Execution Vulnerability | No | No | 9.9 | Yes \n \n## Windows Microsoft Office ESU Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-28455](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28455>) | Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n \n## Summary Graphs\n\n", "cvss3": {}, "published": "2021-05-11T23:44:00", "type": "rapid7blog", "title": "Patch Tuesday - May 2021", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26144", "CVE-2021-26418", "CVE-2021-26419", "CVE-2021-26421", "CVE-2021-26422", "CVE-2021-27068", "CVE-2021-28455", "CVE-2021-28461", "CVE-2021-28465", "CVE-2021-28474", "CVE-2021-28476", "CVE-2021-28478", "CVE-2021-28479", "CVE-2021-31165", "CVE-2021-31166", "CVE-2021-31167", "CVE-2021-31168", "CVE-2021-31169", "CVE-2021-31170", "CVE-2021-31171", "CVE-2021-31172", "CVE-2021-31173", "CVE-2021-31174", "CVE-2021-31175", "CVE-2021-31176", "CVE-2021-31177", "CVE-2021-31178", "CVE-2021-31179", "CVE-2021-31180", "CVE-2021-31181", "CVE-2021-31182", "CVE-2021-31184", "CVE-2021-31185", "CVE-2021-31186", "CVE-2021-31187", "CVE-2021-31188", "CVE-2021-31190", "CVE-2021-31191", "CVE-2021-31192", "CVE-2021-31193", "CVE-2021-31194", "CVE-2021-31195", "CVE-2021-31198", "CVE-2021-31200", "CVE-2021-31204", "CVE-2021-31205", "CVE-2021-31207", "CVE-2021-31208", "CVE-2021-31209", "CVE-2021-31211", "CVE-2021-31213", "CVE-2021-31214", "CVE-2021-31936"], "modified": "2021-05-11T23:44:00", "id": "RAPID7BLOG:05A653A5E863B78EDD56FD74F059E02E", "href": "https://blog.rapid7.com/2021/05/11/patch-tuesday-may-2021/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-15T09:07:00", "bulletinFamily": "info", "cvelist": ["CVE-2021-1675", "CVE-2021-26414", "CVE-2021-26420", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31938", "CVE-2021-31939", "CVE-2021-31940", "CVE-2021-31941", "CVE-2021-31942", "CVE-2021-31943", "CVE-2021-31944", "CVE-2021-31945", "CVE-2021-31946", "CVE-2021-31948", "CVE-2021-31949", "CVE-2021-31950", "CVE-2021-31951", "CVE-2021-31952", "CVE-2021-31953", "CVE-2021-31954", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31957", "CVE-2021-31958", "CVE-2021-31959", "CVE-2021-31960", "CVE-2021-31962", "CVE-2021-31963", "CVE-2021-31964", "CVE-2021-31965", "CVE-2021-31966", "CVE-2021-31967", "CVE-2021-31968", "CVE-2021-31969", "CVE-2021-31970", "CVE-2021-31971", "CVE-2021-31972", "CVE-2021-31973", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31976", "CVE-2021-31977", "CVE-2021-31978", "CVE-2021-31980", "CVE-2021-31983", "CVE-2021-31985", "CVE-2021-33739", "CVE-2021-33741", "CVE-2021-33742"], "description": "\n\nIt is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation ([CVE-2021-31955](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31955>), [CVE-2021-31956](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31956>), [CVE-2021-33739](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33739>), [CVE-2021-33742](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742>), [CVE-2021-31199](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31199>), and [CVE-2021-31201](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31201>)). These patches should be given immediate priority. Luckily they can all be addressed by normal operating system patches and should not require additional manual intervention. Additionally, Enterprises should take action on [CVE-2021-31962](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31962>) if they use Kerberos in their environment as it may allow an attacker to bypass Kerberos authentication altogether.\n\n## Windows MSHTML Platform Remote Code Execution Vulnerability ([CVE-2021-33742](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742>))\n\nThis is the only 0-day vulnerability this month which results in a remote code execution. The vulnerability lies within the MSHTML platform which is used by Internet Explorer 11 and Edge Legacy. While these two products are no longer fully supported (Edge Legacy is end of life and IE 11 is no longer supported on certain platforms) the underlying HTML libraries continue to be updated as other applications can make use of it. Further details for this vulnerability will be published by Google's Threat Analysis Group within the next 30 days.\n\n## Kerberos AppContainer Security Feature Bypass Vulnerability ([CVE-2021-31962](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31962>))\n\nWhile this vulnerability has not been exploited in the wild yet, it would be a rather juicy target for exploit developers. Were this to be exploited it may allow a complete bypass of Kerberos authentication, allowing a connection without a password. Kerberos is generally used in Enterprise environments and as such sysadmins should patch this if they are leveraging the strong cryptography authentication mechanism.\n\n## Multiple Elevation of Privilege 0-days \n\n### [CVE-2021-31955](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31955>), [CVE-2021-31956](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31956>), [CVE-2021-33739](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33739>), [CVE-2021-31199](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31199>), and [CVE-2021-31201](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31201>)\n\n \nThe rest of the 0-days this month can result in elevation of privilege. These vulnerabilities are often chained with other vulnerabilities in order to achieve code execution as an Administrator. Luckily for defenders, these vulnerabilities are simply patched using the traditional update methods.\n\n## Summary Tables\n\nHere are this month's patched vulnerabilities split by the product family.\n\n## Apps Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31945](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31945>) | Paint 3D Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31946](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31946>) | Paint 3D Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31983](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31983>) | Paint 3D Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31980](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31980>) | Microsoft Intune Management Extension Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2021-31942](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31942>) | 3D Viewer Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31943](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31943>) | 3D Viewer Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31944](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31944>) | 3D Viewer Information Disclosure Vulnerability | No | No | 5 | Yes \n \n## Browser Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-33741](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33741>) | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 8.2 | Yes \n \n## Developer Tools Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31938](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31938>) | Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability | No | No | 7.3 | Yes \n[CVE-2021-31957](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957>) | .NET Core and Visual Studio Denial of Service Vulnerability | No | No | 5.9 | No \n \n## ESU Windows Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31968](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31968>) | Windows Remote Desktop Services Denial of Service Vulnerability | No | Yes | 7.5 | No \n[CVE-2021-1675](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1675>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31958](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31958>) | Windows NTLM Elevation of Privilege Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-31956](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31956>) | Windows NTFS Elevation of Privilege Vulnerability | Yes | No | 7.8 | Yes \n[CVE-2021-33742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742>) | Windows MSHTML Platform Remote Code Execution Vulnerability | Yes | No | 7.5 | Yes \n[CVE-2021-31971](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31971>) | Windows HTML Platform Security Feature Bypass Vulnerability | No | No | 6.8 | Yes \n[CVE-2021-31973](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31973>) | Windows GPSVC Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31953](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31953>) | Windows Filter Manager Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26414](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26414>) | Windows DCOM Server Security Feature Bypass | No | No | 4.8 | Yes \n[CVE-2021-31954](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31954>) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31959](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31959>) | Scripting Engine Memory Corruption Vulnerability | No | No | 6.4 | Yes \n[CVE-2021-31199](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31199>) | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | Yes | No | 5.2 | Yes \n[CVE-2021-31201](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31201>) | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | Yes | No | 5.2 | Yes \n[CVE-2021-31962](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31962>) | Kerberos AppContainer Security Feature Bypass Vulnerability | No | No | 9.4 | Yes \n \n## Microsoft Office Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31964](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31964>) | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 7.6 | No \n[CVE-2021-31948](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31948>) | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 7.6 | No \n[CVE-2021-31950](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31950>) | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 7.6 | No \n[CVE-2021-31966](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31966>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.2 | No \n[CVE-2021-31963](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31963>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.1 | No \n[CVE-2021-26420](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26420>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.1 | No \n[CVE-2021-31965](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31965>) | Microsoft SharePoint Server Information Disclosure Vulnerability | No | No | 5.7 | Yes \n[CVE-2021-31949](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31949>) | Microsoft Outlook Remote Code Execution Vulnerability | No | No | 6.7 | Yes \n[CVE-2021-31940](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31940>) | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31941](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31941>) | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31939](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31939>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n## System Center Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31985](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31985>) | Microsoft Defender Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31978](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31978>) | Microsoft Defender Denial of Service Vulnerability | No | No | 5.5 | Yes \n \n## Windows Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31970](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31970>) | Windows TCP/IP Driver Security Feature Bypass Vulnerability | No | No | 5.5 | No \n[CVE-2021-31952](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31952>) | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31955](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955>) | Windows Kernel Information Disclosure Vulnerability | Yes | No | 5.5 | Yes \n[CVE-2021-31951](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31951>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31977](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31977>) | Windows Hyper-V Denial of Service Vulnerability | No | No | 8.6 | Yes \n[CVE-2021-31969](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31969>) | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31960](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31960>) | Windows Bind Filter Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-31967](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31967>) | VP9 Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31975](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31975>) | Server for NFS Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-31976](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31976>) | Server for NFS Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-31974](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31974>) | Server for NFS Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2021-33739](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33739>) | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Yes | Yes | 8.4 | Yes \n[CVE-2021-31972](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31972>) | Event Tracing for Windows Information Disclosure Vulnerability | No | No | 5.5 | Yes \n \n## Summary Graphs\n\n", "modified": "2021-06-08T10:00:00", "published": "2021-06-08T10:00:00", "id": "RAPID7BLOG:E44F025D612AC4EA5DF9F2B56FF8680C", "href": "https://blog.rapid7.com/2021/06/08/patch-tuesday-june-2021/", "type": "rapid7blog", "title": "Patch Tuesday - June 2021", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2021-06-14T06:32:34", "description": "### Microsoft Patch Tuesday \u2013 May 2021\n\nMicrosoft patched 55 CVEs in their May 2021 Patch Tuesday release, of which 4 are rated as critical severity. Three 0-day vulnerability patches were included in the release. As of this publication date, none have been exploited.\n\nQualys released 12 QIDs on the same day, providing vulnerability detection and patch management coverage (where applicable) for all 55 CVEs and the related KBs.\n\n#### Critical Microsoft vulnerabilities patched: \n\n**CVE-2021-31181 **- SharePoint Remote Code Execution Vulnerability\n\nMicrosoft released patches addressing a critical RCE vulnerability in SharePoint (CVE-2021-31181). This CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 8.8 by the vendor. \n\n**CVE-2021-31166 **- HTTP Protocol Stack Remote Code Execution Vulnerability\n\nMicrosoft released patches addressing a critical RCE vulnerability in Windows. This vulnerability allows an unauthenticated attacker to remotely execute code as kernel. This is a wormable vulnerability where an attacker can simply send a malicious crafted packet to the target impacted web-server. CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 9.8 by the vendor.\n\n**CVE-2021-28476** - Hyper-V Remote Code Execution Vulnerability\n\nMicrosoft released patches addressing a critical RCE in Windows Server that impacts Hyper-V. Though the exploitation of this vulnerability is less likely (according to Microsoft), this should be prioritized for patching since adversaries can abuse this vulnerability and cause Denial of Service (DoS) in the form of a bug check. This CVE is assigned a CVSSv3 base score of 9.9 by the vendor.\n\n#### Three 0-day vulnerabilities patched: \n\n * CVE-2021-31204 - .NET and Visual Studio Elevation of Privilege Vulnerability \n * CVE-2021-31207 - Microsoft Exchange Server Security Feature Bypass Vulnerability\n * CVE-2021-31200 - Common Utilities Remote Code Execution Vulnerability\n\n#### Qualys QIDs Providing Coverage\n\nQID| Title| Severity| CVE ID \n---|---|---|--- \n100415| Microsoft Internet Explorer Security Update for May 2021| Medium| CVE-2021-26419 \n91762| Microsoft SharePoint Enterprise Server Multiple Vulnerabilities May 2021| High| CVE-2021-31181 \nCVE-2021-31173 \nCVE-2021-31172 \nCVE-2021-31171 \nCVE-2021-26418 \nCVE-2021-28478 \nCVE-2021-28474 \n110381| Microsoft Office and Microsoft Office Services and Web Apps Security Update May 2021| High| CVE-2021-31180 \nCVE-2021-31179 \nCVE-2021-31178 \nCVE-2021-31177 \nCVE-2021-31176 \nCVE-2021-31175 \nCVE-2021-31174 \nCVE-2021-28455 \n110382| Microsoft Skype for Business Server Security and Lync Server Update for May 2021| High| CVE-2021-26421 \nCVE-2021-26422 \n375556| Visual Studio Code Remote Code Execution Vulnerability| High| CVE-2021-31214 \nCVE-2021-31211 \n375557| Visual Studio Code Remote Development for Containers Extension Remote Code Execution Vulnerability| Medium| CVE-2021-31213 \n50111| Microsoft Exchange Server Multiple Vulnerabilities - May 2021| High| CVE-2021-31209 \nCVE-2021-31207 \nCVE-2021-31198 \nCVE-2021-31195 \n91762| Microsoft Windows Security Update for May 2021| Critical| CVE-2021-31192 \nCVE-2021-31188 \nCVE-2021-31170 \nCVE-2021-28476 \nCVE-2021-31184 \nCVE-2021-31190 \nCVE-2021-31167 \nCVE-2021-31168 \nCVE-2021-31208 \nCVE-2021-31169 \nCVE-2021-31165 \nCVE-2021-1720 \nCVE-2021-28479 \nCVE-2021-31185 \nCVE-2021-31194 \nCVE-2021-31191 \nCVE-2021-31186 \nCVE-2021-31205 \nCVE-2021-31193 \nCVE-2021-31187 \nCVE-2020-26144 \nCVE-2020-24587 \nCVE-2020-24588 \n91763| Microsoft Visual Studio Security Update for May 2021| High| CVE-2021-27068 \nCVE-2021-31204 \n91764| Microsoft Windows Web Media Extensions Remote Code Execution Vulnerability| High| CVE-2021-28465 \n91766| Microsoft .NET Core Security Update May 2021| Medium| CVE-2021-31204 \n91767| Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability - May 2021| Critical| CVE-2021-31166 \n \n### Adobe Patch Tuesday \u2013 May 2021\n\nAdobe addressed 46 CVEs this Patch Tuesday, of which 26 are rated as critical severity, including one critical 0-day (CVE-2021-28550) impacting Adobe Acrobat and Reader product.\n\nAdobe products patches include the following: Experience Manager, InDesign, Illustrator, InCopy, Genuine Service, Acrobat and Reader, Magento, Creative Cloud Desktop Application, Media Encoder, After Effects, Medium, and Animate products.\n\nQualys released 5 QIDs on the same day, providing vulnerability detection for 30 of the 46 CVEs, including 8 rated as critical.\n\n#### One 0-day vulnerability patched:\n\n**CVE-2021-28550**\n\nThis is a Remote Code Execution vulnerability impacting Adobe Acrobat and Reader and is being actively exploited in the wild on Windows devices. Adversaries are able to execute arbitrary code in windows, including installing malicious applications and gaining complete access to target machines.\n\nAdobe Security Bulletin| QID| Severity| CVE ID \n---|---|---|--- \n[APSB21-22 Security updates available for Adobe InDesign](<https://helpx.adobe.com/security/products/indesign/apsb21-22.html>)| 375549| Critical \nCritical \nCritical| CVE-2021-21098 \nCVE-2021-21099 \nCVE-2021-21043 \n[APSB21-24 Security update available for Adobe Illustrator](<https://helpx.adobe.com/security/products/illustrator/apsb21-24.html>)| 375551| Critical \nCritical \nCritical \nCritical \nCritical| CVE-2021-21101 \nCVE-2021-21103 \nCVE-2021-21104 \nCVE-2021-21105 \nCVE-2021-21102 \n[APSB21-29 Security update available for Adobe Acrobat and Reader](<https://helpx.adobe.com/security/products/acrobat/apsb21-29.html>)| 375547| Important \nCritical \nImportant \nCritical \nImportant \nCritical \nCritical \nCritical \nCritical \nCritical \nImportant \nCritical \nCritical \nCritical| CVE-2021-28561 \nCVE-2021-28560 \nCVE-2021-28558 \nCVE-2021-28557 \nCVE-2021-28555 \nCVE-2021-28565 \nCVE-2021-28564 \nCVE-2021-21044 \nCVE-2021-21038 \nCVE-2021-21086 \nCVE-2021-28559 \nCVE-2021-28562 \nCVE-2021-28550 \nCVE-2021-28553 \n[APSB21-32 Security update available for Adobe Media Encoder](<https://helpx.adobe.com/security/products/media-encoder/apsb21-32.html>)| 375550| Important| CVE-2021-28569 \n[APSB21-35 Security update available for Adobe Animate7](<https://helpx.adobe.com/security/products/animate/apsb21-35.html>)| 375553| Important \nImportant \nImportant \nImportant \nImportant \nCritical \nCritical| CVE-2021-28572 \nCVE-2021-28573 \nCVE-2021-28574 \nCVE-2021-28575 \nCVE-2021-28576 \nCVE-2021-28578 \nCVE-2021-28577 \n \n### Discover Patch Tuesday Vulnerabilities in VMDR \n\n[Qualys VMDR](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledge Base (KB).\n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n\n`vulnerabilities.vulnerability:(qid:`50111` OR qid:`91762` OR qid:`91763` OR qid:`91764` OR qid:`91766` OR qid:`91767` OR qid:`100415` OR qid:`110380` OR qid:`110381` OR qid:`110382` OR qid:`375547` OR qid:`375549` OR qid:`375550` OR qid:`375551` OR qid:`375553` OR qid:`375556` OR qid:`375557`)`\n\n\n\n### Respond by Patching\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches pertaining to this Patch Tuesday.\n\n`qid:`50111` OR qid:`91762` OR qid:`91763` OR qid:`91764` OR qid:`91766` OR qid:`91767` OR qid:`100415` OR qid:`110380` OR qid:`110381` OR qid:`110382` OR qid:`375547` OR qid:`375549` OR qid:`375550` OR qid:`375551` OR qid:`375553` OR qid:`375556` OR qid:`375557``\n\n\n\n### Patch Tuesday Dashboard \n\nThe current updated Patch Tuesday dashboards are available in [Dashboard Toolbox: 2021 Patch Tuesday Dashboard](<https://qualys-secure.force.com/discussions/s/article/000006505>).\n\n### Webinar Series: This Month in Patches\n\nTo help customers leverage the seamless integration between Qualys VMDR and Patch Management and reduce the median time to remediate critical vulnerabilities, the Qualys Research team is hosting a monthly webinar series [_This Month in Patches_](<https://www.brighttalk.com/webcast/11673/486394>).\n\nWe discuss some of the key vulnerabilities disclosed in the past month and how to patch them:\n\n * 21Nails Exim Mail Server Multiple Vulnerabilities\n * Pulse Connect Secure Remote Code Execution Vulnerability (CVE-2021-22893)\n * Microsoft Patch Tuesday, May 2021\n\n[Join us live or watch on demand](<https://www.brighttalk.com/webcast/11673/486394>)!\n\n### About Patch Tuesday \n\nPatch Tuesday QIDs are published at [Security Alerts](<https://www.qualys.com/research/security-alerts/>), typically late in the evening of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed shortly after by [PT dashboards](<https://qualys-secure.force.com/discussions/s/article/000006505>).", "cvss3": {}, "published": "2021-05-11T21:53:37", "type": "qualysblog", "title": "Microsoft & Adobe Patch Tuesday (May 2021) \u2013 Qualys covers 85 Vulnerabilities, 26 Critical", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26144", "CVE-2021-1720", "CVE-2021-21038", "CVE-2021-21043", "CVE-2021-21044", "CVE-2021-21086", "CVE-2021-21098", "CVE-2021-21099", "CVE-2021-21101", "CVE-2021-21102", "CVE-2021-21103", "CVE-2021-21104", "CVE-2021-21105", "CVE-2021-22893", "CVE-2021-26418", "CVE-2021-26419", "CVE-2021-26421", "CVE-2021-26422", "CVE-2021-27068", "CVE-2021-28455", "CVE-2021-28465", "CVE-2021-28474", "CVE-2021-28476", "CVE-2021-28478", "CVE-2021-28479", "CVE-2021-28550", "CVE-2021-28553", "CVE-2021-28555", "CVE-2021-28557", "CVE-2021-28558", "CVE-2021-28559", "CVE-2021-28560", "CVE-2021-28561", "CVE-2021-28562", "CVE-2021-28564", "CVE-2021-28565", "CVE-2021-28569", "CVE-2021-28572", "CVE-2021-28573", "CVE-2021-28574", "CVE-2021-28575", "CVE-2021-28576", "CVE-2021-28577", "CVE-2021-28578", "CVE-2021-31165", "CVE-2021-31166", "CVE-2021-31167", "CVE-2021-31168", "CVE-2021-31169", "CVE-2021-31170", "CVE-2021-31171", "CVE-2021-31172", "CVE-2021-31173", "CVE-2021-31174", "CVE-2021-31175", "CVE-2021-31176", "CVE-2021-31177", "CVE-2021-31178", "CVE-2021-31179", "CVE-2021-31180", "CVE-2021-31181", "CVE-2021-31184", "CVE-2021-31185", "CVE-2021-31186", "CVE-2021-31187", "CVE-2021-31188", "CVE-2021-31190", "CVE-2021-31191", "CVE-2021-31192", "CVE-2021-31193", "CVE-2021-31194", "CVE-2021-31195", "CVE-2021-31198", "CVE-2021-31200", "CVE-2021-31204", "CVE-2021-31205", "CVE-2021-31207", "CVE-2021-31208", "CVE-2021-31209", "CVE-2021-31211", "CVE-2021-31213", "CVE-2021-31214"], "modified": "2021-05-11T21:53:37", "id": "QUALYSBLOG:A8EE36FB3E891C73934CB1C60E3B3D41", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-15T08:32:22", "description": "### Microsoft Patch Tuesday \u2013 June 2021\n\nMicrosoft patched 50 CVEs in their June 2021 Patch Tuesday release, and five of them are rated as critical severity. Six have applicable exploits.\n\n#### Critical Microsoft Vulnerabilities Patched\n\n[CVE-2021-31985](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31985>) \u2013 Microsoft Defender Remote Code Execution Vulnerability\n\nMicrosoft released patches addressing a critical RCE vulnerability in its Defender product (CVE-2021-31985). This CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 7.8 by the vendor.\n\n[CVE-2021-31959](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31959>) \u2013 Scripting Engine Memory Corruption Vulnerability\n\nMicrosoft released patches addressing a critical memory corruption vulnerability in the Chakra JScript scripting engine. This vulnerability impacts Windows RT, Windows 7, Windows 8, Windows 10, Windows Server 2008 R2, Windows Server 2012 (R2) and Windows Server 2016. An adversary can exploit this vulnerability when the target user opens a specially crafted file.\n\n[CVE-2021-31963](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31963>) \u2013 Microsoft SharePoint Server Remote Code Execution Vulnerability\n\nMicrosoft released patches addressing a critical RCE in SharePoint Server. This CVE is assigned a CVSSv3 base score of 7.1 by the vendor.\n\n#### Six 0-Day Vulnerabilities with Exploits in the Wild Patched\n\nThe following vulnerabilities need immediate attention for patching since they have active exploits in the wild:\n\n[CVE-2021-33742](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33742>) \u2013 Windows MSHTML Platform Remote Code Execution Vulnerability \n[CVE-2021-33739](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33739>) \u2013 Microsoft DWM Core Library Elevation of Privilege Vulnerability \n[CVE-2021-31956](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31956>) \u2013 Windows NTFS Elevation of Privilege Vulnerability \n[CVE-2021-31955](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31955>) \u2013 Windows Kernel Information Disclosure Vulnerability \n[CVE-2021-31201](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31201>) \u2013 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability \n[CVE-2021-31199](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31199>) \u2013 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability\n\n#### **Qualys QIDs Providing Coverage**\n\nQID| Title| Severity| CVE ID \n---|---|---|--- \n91768| Microsoft .NET Core Security Update June 2021| Medium| CVE-2021-31957 \n91769| Microsoft Visual Studio Security Update for June 2021| Medium| CVE-2021-31957 \n375614| Visual Studio Code Kubernetes Tools Extension Elevation of Privilege Vulnerability| Medium| CVE-2021-31938 \n110383| Microsoft SharePoint Enterprise Server Multiple Vulnerabilities June 2021| High| CVE-2021-31966,CVE-2021-31965,CVE-2021-31964,CVE-2021-31963,CVE-2021-31950,CVE-2021-31948,CVE-2021-26420 \n110384| Microsoft Office and Microsoft Office Services and Web Apps Security Update June 2021| High| CVE-2021-31939,CVE-2021-31941,CVE-2021-31940,CVE-2021-31949 \n110385| Mcrosoft Outlook Remote Code Execution Vulnerability Security Update June 2021| High| CVE-2021-31949,CVE-2021-31941 \n91771| Microsoft Defender Multiple Vulnerabilities - June 2021| Critical| CVE-2021-31978,CVE-2021-31985 \n91772| Microsoft Windows Security Update for June 2021| Critical| CVE-2021-1675,CVE-2021-26414,CVE-2021-31199,CVE-2021-31201,CVE-2021-31951,CVE-2021-31952,CVE-2021-31953,CVE-2021-31954,CVE-2021-31955,CVE-2021-31956,CVE-2021-31958,CVE-2021-31959,CVE-2021-31960,CVE-2021-31962,CVE-2021-31968,CVE-2021-31969,CVE-2021-31970,CVE-2021-31971,CVE-2021-31972,CVE-2021-31973,CVE-2021-31974,CVE-2021-31975,CVE-2021-31976,CVE-2021-31977,CVE-2021-33742 \n91773| Microsoft 3D Viewer Multiple Vulnerabilities - June 2021| High| CVE-2021-31944,CVE-2021-31943,CVE-2021-31942 \n91774| Microsoft Paint 3D Remote Code Execution Vulnerability| High| CVE-2021-31983,CVE-2021-31946,CVE-2021-31945 \n91775| Microsoft Windows VP9 Video Extension Remote Code Execution Vulnerability| Medium| CVE-2021-31967 \n91777| Microsoft Windows DWM Core Library Elevation of Privilege Vulnerability - June 2021 | High| CVE-2021-33739 \n \n### Adobe Patch Tuesday \u2013 June 2021\n\nAdobe addressed 41 CVEs this Patch Tuesday, and 21 of them are rated as critical severity impacting Acrobat and Reader, Adobe Photoshop, Creative Cloud Desktop Application, RoboHelp Server, Adobe After Effects, and Adobe Animate products.\n\nAdobe Security Bulletin| QID| Severity| CVE ID \n---|---|---|--- \nAdobe Animate Multiple Security Vulnerabilities (APSB21-50)| 91770| Medium| CVE-2021-28630,CVE-2021-28619,CVE-2021-28617,CVE-2021-28618,CVE-2021-28621,CVE-2021-28620,CVE-2021-28629,CVE-2021-28622 \nAdobe Security Update for Adobe Acrobat and Reader( APSB21-37)| 375611| High| CVE-2021-28551,CVE-2021-28554,CVE-2021-28552,CVE-2021-28631,CVE-2021-28632 \n \n### Discover Patch Tuesday Vulnerabilities in VMDR\n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledge Base (KB).\n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n\n`vulnerabilities.vulnerability:(qid:`91768` OR qid:`91769` OR qid:`91770` OR qid:`91771` OR qid:`91772` OR qid:`91773` OR qid:`91774` OR qid:`91775` OR qid:`91777` OR qid:`110383` OR qid:`110384` OR qid:`110385` OR qid:`375611` OR qid:`375614`)`\n\n\n\n### Respond by Patching\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches pertaining to this Patch Tuesday.\n\n`(qid:`91768` OR qid:`91769` OR qid:`91770` OR qid:`91771` OR qid:`91772` OR qid:`91773` OR qid:`91774` OR qid:`91775` OR qid:`91777` OR qid:`110383` OR qid:`110384` OR qid:`110385` OR qid:`375611` OR qid:`375614`)`\n\n\n\n### Patch Tuesday Dashboard\n\nThe current updated Patch Tuesday dashboards are available in [Dashboard Toolbox: 2021 Patch Tuesday Dashboard](<https://qualys-secure.force.com/discussions/s/article/000006505>).\n\n### Webinar Series: This Month in Patches\n\nTo help customers leverage the seamless integration between Qualys VMDR and Patch Management and reduce the median time to remediate critical vulnerabilities, the Qualys Research team is hosting a monthly webinar series [_This Month in Patches_](<https://www.brighttalk.com/webcast/11673/491681>).\n\nWe discuss some of the key vulnerabilities disclosed in the past month and how to patch them:\n\n * VMware vCenter Server Multiple Vulnerabilities\n * Ubuntu XStream Vulnerabilities\n * Microsoft Patch Tuesday, June 2021\n\n[Join us live or watch on demand](<https://www.brighttalk.com/webcast/11673/491681>)!\n\n### About Patch Tuesday\n\nPatch Tuesday QIDs are published at [Security Alerts](<https://www.qualys.com/research/security-alerts/>), typically late in the evening of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed shortly after by [PT dashboards](<https://qualys-secure.force.com/discussions/s/article/000006505>).", "cvss3": {}, "published": "2021-06-08T21:19:29", "type": "qualysblog", "title": "Microsoft & Adobe Patch Tuesday (June 2021) \u2013 Microsoft 50 Vulnerabilities with 5 Critical, Adobe 21 Critical Vulnerabilities", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2021-1675", "CVE-2021-26414", "CVE-2021-26420", "CVE-2021-28551", "CVE-2021-28552", "CVE-2021-28554", "CVE-2021-28617", "CVE-2021-28618", "CVE-2021-28619", "CVE-2021-28620", "CVE-2021-28621", "CVE-2021-28622", "CVE-2021-28629", "CVE-2021-28630", "CVE-2021-28631", "CVE-2021-28632", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31938", "CVE-2021-31939", "CVE-2021-31940", "CVE-2021-31941", "CVE-2021-31942", "CVE-2021-31943", "CVE-2021-31944", "CVE-2021-31945", "CVE-2021-31946", "CVE-2021-31948", "CVE-2021-31949", "CVE-2021-31950", "CVE-2021-31951", "CVE-2021-31952", "CVE-2021-31953", "CVE-2021-31954", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31957", "CVE-2021-31958", "CVE-2021-31959", "CVE-2021-31960", "CVE-2021-31962", "CVE-2021-31963", "CVE-2021-31964", "CVE-2021-31965", "CVE-2021-31966", "CVE-2021-31967", "CVE-2021-31968", "CVE-2021-31969", "CVE-2021-31970", "CVE-2021-31971", "CVE-2021-31972", "CVE-2021-31973", "CVE-2021-31974", "CVE-2021-31975", "CVE-2021-31976", "CVE-2021-31977", "CVE-2021-31978", "CVE-2021-31983", "CVE-2021-31985", "CVE-2021-33739", "CVE-2021-33742"], "modified": "2021-06-08T21:19:29", "id": "QUALYSBLOG:23EF75126B24C22C999DAD4D7A2E9DF5", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}