Kaspersky Threats

Detect date

?

03/14/2017

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to cause a denial of service, gain privileges, obtain sensitive information, execute arbitrary code.

Below is a complete list of vulnerabilities:

An improper sanitizing of a specially designed web request to an affected SharePoint server can be exploited remotely to gain privileges;
An improper certificate validation in the Lync for Mac 2011 can be exploited remotely to bypass security restrictions;
Memory corruption vulnerabilities can be exploited remotely via a specially designed file or website to execute arbitrary code in the context of current user;
An improper disclosure of memory contents can be exploited remotely via a specially designed document to obtain sensitive information;
An unknown vulnerability can be exploited remotely via a specially designed file to cause a denial of service;
An out-of-bounds read due to an uninitialized variable can be exploited remotely via a specially designed file to obtain sensitive information.

Technical details

Vulnerability (1) can be exploited by an authenticated attacker;

Exploiting vulnerability (2) requires intercepting and tampering with network traffic.

Vulnerabilities (3) exist because of incorrect object handling in memory.

In case of vulnerabilities (3), you can use Microsoft Office block policy to reventing opening of RTF documents from either unknown or untrusted sources.

To exploit vulnerability (4), an attacker must know the memory adress location, where the object has been created.

Affected products

Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013RT
Microsoft Office 2016
Microsoft Office for Mac 2011
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

MS17-014
CVE-2017-0014
CVE-2017-0060
CVE-2017-0073
CVE-2017-0108
CVE-2017-0052
CVE-2017-0053
CVE-2017-0129
CVE-2017-0020
CVE-2017-0027
CVE-2017-0105
CVE-2017-0107
CVE-2017-0029
CVE-2017-0030
CVE-2017-0019
CVE-2017-0006
CVE-2017-0031

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

PE

[?]

Detect date ?	03/14/2017
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to cause a denial of service, gain privileges, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: An improper sanitizing of a specially designed web request to an affected SharePoint server can be exploited remotely to gain privileges; An improper certificate validation in the Lync for Mac 2011 can be exploited remotely to bypass security restrictions; Memory corruption vulnerabilities can be exploited remotely via a specially designed file or website to execute arbitrary code in the context of current user; An improper disclosure of memory contents can be exploited remotely via a specially designed document to obtain sensitive information; An unknown vulnerability can be exploited remotely via a specially designed file to cause a denial of service; An out-of-bounds read due to an uninitialized variable can be exploited remotely via a specially designed file to obtain sensitive information. Technical details Vulnerability (1) can be exploited by an authenticated attacker; Exploiting vulnerability (2) requires intercepting and tampering with network traffic. Vulnerabilities (3) exist because of incorrect object handling in memory. In case of vulnerabilities (3), you can use Microsoft Office block policy to reventing opening of RTF documents from either unknown or untrusted sources. To exploit vulnerability (4), an attacker must know the memory adress location, where the object has been created.
Affected products	Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013RT Microsoft Office 2016 Microsoft Office for Mac 2011 Microsoft Office 2016 for Mac Microsoft Office Compatibility Pack Service Pack 3
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	MS17-014 CVE-2017-0014 CVE-2017-0060 CVE-2017-0073 CVE-2017-0108 CVE-2017-0052 CVE-2017-0053 CVE-2017-0129 CVE-2017-0020 CVE-2017-0027 CVE-2017-0105 CVE-2017-0107 CVE-2017-0029 CVE-2017-0030 CVE-2017-0019 CVE-2017-0006 CVE-2017-0031
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?] PE [?]
Related products	Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Microsoft Office PowerPoint Microsoft Office Professional Plus 2010 Microsoft Excel Microsoft Word Microsoft Sharepoint Server
CVE-IDS ?	CVE-2017-00140.0Unknown CVE-2017-00600.0Unknown CVE-2017-00730.0Unknown CVE-2017-01080.0Unknown CVE-2017-00529.3Critical CVE-2017-00539.3Critical CVE-2017-01295.0Critical CVE-2017-00209.3Critical CVE-2017-00272.6Warning CVE-2017-01054.3Warning CVE-2017-01074.3Warning CVE-2017-00294.3Warning CVE-2017-00309.3Critical CVE-2017-00199.3Critical CVE-2017-00069.3Critical CVE-2017-00319.3Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	3127945 3127958 3141535 3172539 3178653 3178656 3178688 3178693 4010299 4010300 4010301 4010303 4010304 3178676 3178683 3178686 3178690 3178687 3172542 3172464 3178673 3178674 3198809 3178677 3178682 3178680 3178694 3212218 3178678 3178685 3178684 3172431 3178689 3172457 3172540 4012487
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/41656 https://www.exploit-db.com/exploits/41647 Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.