KLA11287
Multiple vulnerabilities in Microsoft Office

Updated: 06/06/2022
Detect date: 07/10/2018
Severity: High
Description

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof the user interface, bypass security restrictions, and gain privileges.

Below is a complete list of vulnerabilities:

  1. A tampering vulnerability in Microsoft Office can be exploited remotely to spoof the user interface.
  2. A remote code execution vulnerability in Microsoft Office can be exploited remotely to execute arbitrary code.
  3. A remote code execution vulnerability in Skype for Business and Microsoft Lync can be exploited remotely to execute arbitrary code.
  4. A remote code execution vulnerability in Microsoft Access can be exploited remotely to execute arbitrary code.
  5. An elevation of privilege vulnerability in Microsoft SharePoint can be exploited remotely to gain privileges.
  6. A security feature bypass vulnerability in Skype for Business and Lync can be exploited remotely to bypass security restrictions.
  7. A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely to execute arbitrary code.
  8. A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely to execute arbitrary code.
Affected products

Skype for Business 2016 (32-bit)
Microsoft Lync 2013 Service Pack 1 (32-bit)
Microsoft Lync 2013 Service Pack 1 (64-bit)
Skype for Business 2016 (64-bit)
Microsoft Office Compatibility Pack Service Pack 3
Microsoft PowerPoint Viewer
Microsoft Office Word Viewer
Microsoft Office 2016 for Mac
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Excel Viewer
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2016 (64-bit edition)
Microsoft Access 2016 (32-bit edition)
Microsoft Access 2016 (64-bit edition)
Microsoft Access 2013 Service Pack 1 (32-bit editions)
Microsoft Access 2013 Service Pack 1 (64-bit editions)
Microsoft SharePoint Server 2013 Service Pack 1
Microsoft Project Server 2013 Service Pack 1 (64-bit edition)
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft Project Server 2010 Service Pack 2

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2018-8310
CVE-2018-8281
CVE-2018-8311
CVE-2018-8312
CVE-2018-8323
CVE-2018-8238
CVE-2018-8300
CVE-2018-8299
CVE-2018-8284

Impacts

ACE
SB
PE
SUI

Related products
Microsoft Access
Microsoft Lync
Microsoft Office
Microsoft Excel
Microsoft Word
Microsoft SharePoint
CVE-IDS

CVE-2018-8310  5.0  Critical
CVE-2018-8281  9.3  Critical
CVE-2018-8311  6.8  High
CVE-2018-8312  9.3  Critical
CVE-2018-8323  3.5  Warning
CVE-2018-8238  9.3  Critical
CVE-2018-8300  6.5  High
CVE-2018-8299  3.5  Warning

Microsoft official advisories
Microsoft Security Update Guide
KB list

4022224
4022200
4022225
4032214
4022202
4011202
4018351
4022221
4022228
4022218
4022243
4018338
4022235
