Kaspersky Threats

Detect date

?

11/14/2023

Severity

?

High

Description

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code.

Below is a complete list of vulnerabilities:

A security feature bypass vulnerability in Microsoft Excel can be exploited remotely to bypass security restrictions.
A remote code execution vulnerability in Microsoft Excel can be exploited remotely to execute arbitrary code.
A security feature bypass vulnerability in Microsoft Office can be exploited remotely to bypass security restrictions.
A remote code execution vulnerability in Microsoft Office Graphics can be exploited remotely to execute arbitrary code.
A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely to execute arbitrary code.

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products

Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft SharePoint Server 2019
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft SharePoint Enterprise Server 2016
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft SharePoint Server Subscription Edition
Microsoft Office 2019 for 64-bit editions
Microsoft Excel 2016 (32-bit edition)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2016 (32-bit edition)
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office LTSC for Mac 2021
Microsoft 365 Apps for Enterprise for 64-bit Systems

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update component usually can be accessed from the Control Panel) and updates from the Update Options section, that are listed in your Office Account (Office Account tab usually can be accessed from the File menu)
Install Office updates

Original advisories

CVE-2023-36037
CVE-2023-36041
CVE-2023-36413
CVE-2023-36045
CVE-2023-38177

Impacts

?

ACE

[?]

SB

[?]

Detect date ?	11/14/2023
Severity ?	High
Description	Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: A security feature bypass vulnerability in Microsoft Excel can be exploited remotely to bypass security restrictions. A remote code execution vulnerability in Microsoft Excel can be exploited remotely to execute arbitrary code. A security feature bypass vulnerability in Microsoft Office can be exploited remotely to bypass security restrictions. A remote code execution vulnerability in Microsoft Office Graphics can be exploited remotely to execute arbitrary code. A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely to execute arbitrary code.
Exploitation	Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products	Microsoft Excel 2016 (64-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft SharePoint Server 2019 Microsoft Office LTSC 2021 for 32-bit editions Microsoft SharePoint Enterprise Server 2016 Microsoft Office LTSC 2021 for 64-bit editions Microsoft SharePoint Server Subscription Edition Microsoft Office 2019 for 64-bit editions Microsoft Excel 2016 (32-bit edition) Microsoft Office 2019 for 32-bit editions Microsoft Office 2016 (32-bit edition) Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft Office LTSC for Mac 2021 Microsoft 365 Apps for Enterprise for 64-bit Systems
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update component usually can be accessed from the Control Panel) and updates from the Update Options section, that are listed in your Office Account (Office Account tab usually can be accessed from the File menu) Install Office updates
Original advisories	CVE-2023-36037 CVE-2023-36041 CVE-2023-36413 CVE-2023-36045 CVE-2023-38177
Impacts ?	ACE [?] SB [?]
Related products	Microsoft Office Microsoft Excel Microsoft SharePoint
CVE-IDS ?	CVE-2023-360375.0Warning CVE-2023-360415.0Warning CVE-2023-364135.0Warning CVE-2023-360455.0Warning CVE-2023-381775.0Warning
KB list	5002521 5002517 5002527 5002518 5002526
Microsoft official advisories	Microsoft Security Update Guide
	Find out the statistics of the vulnerabilities spreading in your region

KLA61981Multiple vulnerabilities in Microsoft Office

KLA61981
Multiple vulnerabilities in Microsoft Office