KLA20121
Multiple vulnerabilities in Microsoft Office

Updated: 12/15/2022
Detect date
?
12/13/2022
Severity
?
Critical
Description

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Microsoft Office Graphics can be exploited remotely to execute arbitrary code.
  2. A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely to execute arbitrary code.
  3. A remote code execution vulnerability in Microsoft Office Visio can be exploited remotely to execute arbitrary code.
  4. A spoofing vulnerability in Microsoft Outlook for Mac can be exploited remotely to spoof user interface.
  5. A remote code execution vulnerability in Microsoft Office OneNote can be exploited remotely to execute arbitrary code.
Affected products

Microsoft Office 2019 for Mac
Microsoft Visio 2013 Service Pack 1 (32-bit editions)
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Visio 2016 (64-bit edition)
Microsoft Office 2019 for 32-bit editions
Microsoft Visio 2016 (32-bit edition)
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC for Mac 2021
Microsoft Visio 2013 Service Pack 1 (64-bit editions)
Microsoft SharePoint Server Subscription Edition
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft SharePoint Server 2019
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office 2019 for 64-bit editions

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2022-26806
CVE-2022-26805
CVE-2022-44693
CVE-2022-47211
CVE-2022-26804
CVE-2022-44695
CVE-2022-44694
CVE-2022-44696
CVE-2022-44690
CVE-2022-44713
CVE-2022-47212
CVE-2022-44691
CVE-2022-47213
CVE-2022-44692

Impacts
?
ACE 
[?]

SUI 
[?]
Related products
Microsoft Office
Microsoft SharePoint
KB list

5002280
5002327
5002319
5002321
5002286
5002317
5002311

Find out the statistics of the vulnerabilities spreading in your region