KLA19250
Multiple vulnerabilities in Microsoft Office

Обновлено: 15/09/2022
Дата обнаружения
13/09/2022
Уровень угрозы
High
Описание

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely to execute arbitrary code.
  2. A remote code execution vulnerability in Microsoft PowerPoint can be exploited remotely to execute arbitrary code.
  3. A remote code execution vulnerability in Microsoft Office Visio can be exploited remotely to execute arbitrary code.
  4. A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely to execute arbitrary code.
Пораженные продукты

Microsoft SharePoint Server 2019
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office 2019 for 32-bit editions
Microsoft SharePoint Enterprise Server 2016
Microsoft Office 2013 RT Service Pack 1
Microsoft SharePoint Server Subscription Edition
Microsoft Office 2019 for 64-bit editions
Microsoft Visio 2013 Service Pack 1 (64-bit editions)
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Visio 2013 Service Pack 1 (32-bit editions)
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office 2019 for Mac
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Visio 2016 (64-bit edition)
Microsoft Office LTSC for Mac 2021
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Visio 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
SharePoint Server Subscription Edition Language Pack
Microsoft SharePoint Foundation 2013 Service Pack 1

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2022-37961
CVE-2022-37962
CVE-2022-38009
CVE-2022-38010
CVE-2022-35823
CVE-2022-37963
CVE-2022-38008
Оказываемое влияние
?
ACE 
[?]
Связанные продукты
Microsoft Office
Microsoft SharePoint
CVE-IDS
CVE-2022-379615.0Critical
CVE-2022-379625.0Critical
CVE-2022-380095.0Critical
CVE-2022-380105.0Critical
CVE-2022-358235.0Critical
CVE-2022-379635.0Critical
CVE-2022-380085.0Critical
KB list

5002016
5002166
5002017
5002142
5002269
5002178
5002257
5002264
5002258
5002271
5002267
5002159
5002270

Узнай статистику распространения уязвимостей в твоем регионе