KLA10770 Multiple vulnerabilities in Microsoft Office

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code or bypass security restrictions.

Below is a complete list of vulnerabilities

1. An improper memory objects handling can be exploited remotely via a specially designed file or content to execute arbitrary code;
2. An invalidly signed binary can be exploited by attacker with write access to the vulnerable binary by binary hijack to bypass security restrictions.

Technical details

To mitigate these vulnerabilities you can disable OLE package function in Outlook. For further instructions take a look at MS16-029 advisory.

Original advisories

CVE-2016-0021

CVE-2016-0057

CVE-2016-0134

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Office

CVE list

CVE-2016-0021 critical

CVE-2016-0057 high

CVE-2016-0134 critical

KB list

3114824

3114821

2956063

3114414

3114829

3141806

3114880

3114883

3114814

3039746

3114873

3114690

3114855

3114878

3114812

3114426

3138328

3138327

3114900

2956110

3114833

3114861

3114866

2880510

3114901

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

• Microsoft Office 2007 Service Pack 3Microsoft Office 2010 Service Pack 2Microsoft Office 2013 Service Pack 1Microsoft Office 2013 RTMicrosoft Office 2016Microsoft Office 2011 for MacMicrosoft Office 2016 for MacMicrosoft Office Compatibility Pack Service Pack 3Microsoft Word Viewer