KLA12584
Multiple vulnerabilities in Microsoft Office

Updated: 07/15/2022
Detect date
?
07/12/2022
Severity
?
High
Description

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Skype for Business and Lync can be exploited remotely to execute arbitrary code.
  2. A security feature bypass vulnerability in Microsoft Office can be exploited remotely to bypass security restrictions.
Affected products

Microsoft Office 2013 Service Pack 1 (32-bit editions)
Skype for Business Server 2015 CU12
Microsoft Lync Server 2013 CU10
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office 2016 (64-bit edition)
Skype for Business Server 2019 CU6
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office 2019 for 32-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office 2016 (32-bit edition)
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office 2013 RT Service Pack 1

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2022-33633
CVE-2022-33632

Impacts
?
ACE 
[?]

SB 
[?]
Related products
Microsoft Lync
Microsoft Office
Microsoft Lync Server
CVE-IDS
?
CVE-2022-336335.0Critical
CVE-2022-336325.0Critical
KB list

5016714
5002112
5002121

Find out the statistics of the vulnerabilities spreading in your region