Kaspersky Threats

Detect date

?

07/13/2021

Severity

?

High

Description

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, bypass security restrictions, obtain sensitive information.

Below is a complete list of vulnerabilities:

A remote code execution vulnerability in Microsoft Word can be exploited remotely to execute arbitrary code.
A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely to execute arbitrary code.
A spoofing vulnerability in Microsoft Office Online Server can be exploited remotely to spoof user interface.
A security feature bypass vulnerability in Microsoft Office can be exploited remotely to bypass security restrictions.
A spoofing vulnerability in Microsoft SharePoint Server can be exploited remotely to spoof user interface.
An information disclosure vulnerability in Microsoft SharePoint Server can be exploited remotely to obtain sensitive information.
A remote code execution vulnerability in Microsoft Excel can be exploited remotely to execute arbitrary code.

Affected products

Microsoft Word 2016 (64-bit edition)
Microsoft Office 2013 RT Service Pack 1
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2016
Microsoft Word 2016 (32-bit edition)
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (64-bit edition)
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office 2019 for Mac
Microsoft Office Online Server
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office Web Apps Server 2013 Service Pack 1

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2021-34452
CVE-2021-34520
CVE-2021-34451
CVE-2021-34467
CVE-2021-34469
CVE-2021-34517
CVE-2021-34468
CVE-2021-34519
CVE-2021-34518
CVE-2021-34501

Impacts

?

ACE

[?]

OSI

[?]

SB

[?]

SUI

[?]

Detect date ?	07/13/2021
Severity ?	High
Description	Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: A remote code execution vulnerability in Microsoft Word can be exploited remotely to execute arbitrary code. A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely to execute arbitrary code. A spoofing vulnerability in Microsoft Office Online Server can be exploited remotely to spoof user interface. A security feature bypass vulnerability in Microsoft Office can be exploited remotely to bypass security restrictions. A spoofing vulnerability in Microsoft SharePoint Server can be exploited remotely to spoof user interface. An information disclosure vulnerability in Microsoft SharePoint Server can be exploited remotely to obtain sensitive information. A remote code execution vulnerability in Microsoft Excel can be exploited remotely to execute arbitrary code.
Affected products	Microsoft Word 2016 (64-bit edition) Microsoft Office 2013 RT Service Pack 1 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2016 Microsoft Word 2016 (32-bit edition) Microsoft Office 2019 for 64-bit editions Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2016 (64-bit edition) Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office 2019 for Mac Microsoft Office Online Server Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Office 2019 for 32-bit editions Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft Office Web Apps Server 2013 Service Pack 1
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2021-34452 CVE-2021-34520 CVE-2021-34451 CVE-2021-34467 CVE-2021-34469 CVE-2021-34517 CVE-2021-34468 CVE-2021-34519 CVE-2021-34518 CVE-2021-34501
Impacts ?	ACE [?] OSI [?] SB [?] SUI [?]
Related products	Microsoft Office Microsoft Excel Microsoft Word
CVE-IDS ?	CVE-2021-344526.8High CVE-2021-345206.5High CVE-2021-344515.0Critical CVE-2021-344676.5High CVE-2021-344695.8High CVE-2021-345175.0Critical CVE-2021-344685.4High CVE-2021-345192.3Warning CVE-2021-345186.8High CVE-2021-345016.8High
KB list	5001949 5001981 5001993 5001973 5001983 5001996 5001977 5001992 5001984 5001979 5001975 5001976 5001986
Microsoft official advisories	Microsoft Security Update Guide
	Find out the statistics of the vulnerabilities spreading in your region

KLA12220Multiple vulnerabilities in Microsoft Office

KLA12220
Multiple vulnerabilities in Microsoft Office