Kaspersky Threats

Detect date

?

06/08/2021

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information.

Below is a complete list of vulnerabilities:

A remote code execution vulnerability in Microsoft Office Graphics can be exploited remotely to execute arbitrary code.
A remote code execution vulnerability in Microsoft Outlook can be exploited remotely to execute arbitrary code.
A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely to execute arbitrary code.
A spoofing vulnerability in Microsoft SharePoint Server can be exploited remotely to spoof user interface.
A remote code execution vulnerability in Microsoft Excel can be exploited remotely to execute arbitrary code.
An information disclosure vulnerability in Microsoft SharePoint Server can be exploited remotely to obtain sensitive information.

Affected products

Microsoft SharePoint Enterprise Server 2016
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Outlook 2016 (64-bit edition)
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2019 for 32-bit editions
Microsoft Excel 2016 (64-bit edition)
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Office 2019 for Mac
Microsoft Excel 2013 RT Service Pack 1
Microsoft Outlook 2016 (32-bit edition)
Microsoft Office 2019 for 64-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Excel 2016 (32-bit edition)
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Server 2019
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft 365 Apps for Enterprise for 64-bit Systems
Office Online Server

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2021-31940
CVE-2021-31949
CVE-2021-26420
CVE-2021-31948
CVE-2021-31966
CVE-2021-31939
CVE-2021-31965
CVE-2021-31941
CVE-2021-31963
CVE-2021-31964
CVE-2021-31950

Impacts

?

ACE

[?]

OSI

[?]

SUI

[?]

Detect date ?	06/08/2021
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: A remote code execution vulnerability in Microsoft Office Graphics can be exploited remotely to execute arbitrary code. A remote code execution vulnerability in Microsoft Outlook can be exploited remotely to execute arbitrary code. A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely to execute arbitrary code. A spoofing vulnerability in Microsoft SharePoint Server can be exploited remotely to spoof user interface. A remote code execution vulnerability in Microsoft Excel can be exploited remotely to execute arbitrary code. An information disclosure vulnerability in Microsoft SharePoint Server can be exploited remotely to obtain sensitive information.
Affected products	Microsoft SharePoint Enterprise Server 2016 Microsoft Office Web Apps Server 2013 Service Pack 1 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Office 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Outlook 2013 Service Pack 1 (64-bit editions) Microsoft Outlook 2016 (64-bit edition) Microsoft Outlook 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Office 2019 for 32-bit editions Microsoft Excel 2016 (64-bit edition) Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft Office 2019 for Mac Microsoft Excel 2013 RT Service Pack 1 Microsoft Outlook 2016 (32-bit edition) Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft Excel 2016 (32-bit edition) Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Server 2019 Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Outlook 2013 RT Service Pack 1 Microsoft 365 Apps for Enterprise for 64-bit Systems Office Online Server
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2021-31940 CVE-2021-31949 CVE-2021-26420 CVE-2021-31948 CVE-2021-31966 CVE-2021-31939 CVE-2021-31965 CVE-2021-31941 CVE-2021-31963 CVE-2021-31964 CVE-2021-31950
Impacts ?	ACE [?] OSI [?] SUI [?]
Related products	Microsoft Office Microsoft Outlook Microsoft Excel
CVE-IDS ?	CVE-2021-319406.8High CVE-2021-319496.8High CVE-2021-264206.5High CVE-2021-319485.5High CVE-2021-319666.5High CVE-2021-319396.8High CVE-2021-319654.0Warning CVE-2021-319416.8High CVE-2021-319636.5High CVE-2021-319645.5High CVE-2021-319505.5High
Microsoft official advisories	Microsoft Security Update Guide
KB list	5001963 5001946 5001944 5001955 5001953 5001943 5001956 5001939 5001934 5001954 5001945 5001947 5001962 4011698 5001950 5001922 5001942 5001951
	Find out the statistics of the vulnerabilities spreading in your region

KLA12201Multiple vulnerabilities in Microsoft Office

KLA12201
Multiple vulnerabilities in Microsoft Office