KLA12002 Multiple vulnerabilities in Microsoft Office

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface, execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. An information disclosure vulnerability in Microsoft SharePoint can be exploited remotely to obtain sensitive information.
2. A spoofing vulnerability in Microsoft SharePoint can be exploited remotely to spoof user interface.
3. A remote code execution vulnerability in Microsoft Excel can be exploited remotely to execute arbitrary code.
4. A remote code execution vulnerability in Microsoft Office Access Connectivity Engine can be exploited remotely to execute arbitrary code.
5. A spoofing vulnerability in Microsoft Office Online can be exploited remotely to spoof user interface.
6. A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely to execute arbitrary code.
7. A security feature bypass vulnerability in Microsoft Excel can be exploited remotely to bypass security restrictions.
8. A security feature bypass vulnerability in Microsoft Word can be exploited remotely to bypass security restrictions.
9. A remote code execution vulnerability in Microsoft Teams can be exploited remotely to execute arbitrary code.

Original advisories

CVE-2020-17017

CVE-2020-17016

CVE-2020-17019

CVE-2020-17015

CVE-2020-17062

CVE-2020-17063

CVE-2020-16979

CVE-2020-17060

CVE-2020-17061

CVE-2020-17067

CVE-2020-17064

CVE-2020-17065

CVE-2020-17066

CVE-2020-17020

CVE-2020-17091

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Office-Access

Microsoft-Office

Microsoft-Excel

Microsoft-Word

Microsoft-Sharepoint-Server

CVE list

CVE-2020-17017 high

CVE-2020-17016 critical

CVE-2020-17019 critical

CVE-2020-17015 warning

CVE-2020-17062 critical

CVE-2020-17063 high

CVE-2020-16979 high

CVE-2020-17060 high

CVE-2020-17061 critical

CVE-2020-17067 critical

CVE-2020-17064 critical

CVE-2020-17065 critical

CVE-2020-17066 critical

CVE-2020-17020 warning

CVE-2020-17091 critical

KB list

4486733

4486730

4486719

4486718

4486734

4486714

4486717

4486738

4486713

4486743

4484520

4484508

4486722

4486723

4486725

4486740

4486727

4486706

4484534

4486744

4486737

4484455

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Microsoft Excel 2016 (64-bit edition)Microsoft Excel 2010 Service Pack 2 (64-bit editions)Microsoft Office 2010 Service Pack 2 (64-bit editions)Microsoft Office 2013 Service Pack 1 (32-bit editions)Microsoft SharePoint Foundation 2010 Service Pack 2Microsoft Excel 2013 Service Pack 1 (32-bit editions)Microsoft Office Web Apps 2013 Service Pack 1Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft TeamsMicrosoft 365 Apps for Enterprise for 64-bit SystemsMicrosoft Office 2010 Service Pack 2 (32-bit editions)Microsoft Office 2019 for 64-bit editionsMicrosoft Office 2019 for MacMicrosoft Word 2016 (32-bit edition)Microsoft Office 2013 Service Pack 1 (64-bit editions)Microsoft Excel 2010 Service Pack 2 (32-bit editions)Microsoft Office 2016 (32-bit edition)Microsoft SharePoint Server 2019Microsoft Word 2016 (64-bit edition)Microsoft Word 2013 Service Pack 1 (64-bit editions)Microsoft Word 2013 RT Service Pack 1Microsoft Word 2013 Service Pack 1 (32-bit editions)Microsoft SharePoint Enterprise Server 2016Microsoft Office 2016 (64-bit edition)Microsoft Excel 2016 (32-bit edition)Microsoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft Excel 2013 Service Pack 1 (64-bit editions)Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft Excel 2013 RT Service Pack 1Microsoft Word 2010 Service Pack 2 (32-bit editions)Microsoft Office 2013 RT Service Pack 1Microsoft SharePoint Server 2010 Service Pack 2Microsoft Office 2019 for 32-bit editionsMicrosoft Office Online ServerMicrosoft Word 2010 Service Pack 2 (64-bit editions)