Searching
..

Click anywhere to stop

KLA61354
Multiple vulnerabilities in Microsoft Office

Updated: 01/25/2024
Detect date
?
10/10/2023
Severity
?
High
Description

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Microsoft Office Graphics can be exploited remotely to gain privileges.
  2. An elevation of privilege vulnerability in Microsoft Office can be exploited remotely to gain privileges.
  3. An elevation of privilege vulnerability in Skype for Business can be exploited remotely to gain privileges.
  4. An elevation of privilege vulnerability in Microsoft Office Click-To-Run can be exploited remotely to gain privileges.
  5. A remote code execution vulnerability in Skype for Business can be exploited remotely to execute arbitrary code.
Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products

Microsoft 365 Apps for Enterprise for 64-bit Systems
Skype for Business Server 2019 CU7
Microsoft Office 2019 for 64-bit editions
Microsoft Office for Android
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office LTSC for Mac 2021
Microsoft Office 2019 for Mac
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office for Universal
Microsoft Office 2019 for 32-bit editions
Skype for Business Server 2015 CU13

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update component usually can be accessed from the Control Panel) and updates from the Update Options section, that are listed in your Office Account (Office Account tab usually can be accessed from the File menu)
Install Office updates

Original advisories

CVE-2023-36565
CVE-2023-36569
CVE-2023-41763
CVE-2023-36568
CVE-2023-36786
CVE-2023-36789
CVE-2023-36780

Impacts
?
ACE 
[?]

PE 
[?]
Related products
Microsoft Office
Skype for Business
CVE-IDS
?
KB list

3061064
4470124

Microsoft official advisories
Microsoft Security Update Guide
Find out the statistics of the vulnerabilities spreading in your region