KLA12386
Multiple vulnerabilities in Microsoft Apps

Updated: 12/16/2021
Detect date
?
12/14/2021
Severity
?
Critical
Description

Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Microsoft Office app can be exploited remotely to execute arbitrary code.
  2. A spoofing vulnerability in Windows AppX Installer can be exploited remotely to spoof user interface.
Affected products

Microsoft Office app
Windows AppX Installer

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2021-43905
CVE-2021-43890

Impacts
?
ACE 
[?]

SUI 
[?]
Related products
Microsoft Office
Find out the statistics of the vulnerabilities spreading in your region