KLA12069 Multiple vulnerabilities in Microsoft Office

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, cause denial of service, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely to execute arbitrary code.
2. A remote code execution vulnerability in Microsoft Excel can be exploited remotely to execute arbitrary code.
3. A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely to execute arbitrary code.
4. A spoofing vulnerability in Skype for Business and Lync can be exploited remotely to spoof user interface.
5. A denial of service vulnerability in Skype for Business and Lync can be exploited remotely to cause denial of service.
6. An information disclosure vulnerability in Microsoft SharePoint can be exploited remotely to obtain sensitive information.
7. A spoofing vulnerability in Microsoft SharePoint can be exploited remotely to spoof user interface.
8. An information disclosure vulnerability in Microsoft Teams iOS can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2021-24066

CVE-2021-24069

CVE-2021-24072

CVE-2021-24073

CVE-2021-24067

CVE-2021-24070

CVE-2021-24099

CVE-2021-24071

CVE-2021-1726

CVE-2021-24068

CVE-2021-24114

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Lync

Microsoft-Office

Microsoft-Excel

Microsoft-Lync-Server

CVE list

CVE-2021-24066 critical

CVE-2021-24069 critical

CVE-2021-24072 critical

CVE-2021-24073 high

CVE-2021-24067 critical

CVE-2021-24070 critical

CVE-2021-24099 high

CVE-2021-24071 high

CVE-2021-1726 critical

CVE-2021-24068 critical

CVE-2021-24114 high

KB list

5000675

4493204

4493210

5000688

4493222

4493194

4493195

4493211

4493192

4493196

4493223

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Skype for Business Server 2019 CU2Microsoft Excel 2010 Service Pack 2 (64-bit editions)Microsoft Excel 2013 Service Pack 1 (64-bit editions)Microsoft Lync Server 2013Microsoft SharePoint Server 2019Microsoft Excel 2013 RT Service Pack 1Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft Excel 2016 (32-bit edition)Microsoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft SharePoint Foundation 2010 Service Pack 2Microsoft Office 2019 for 64-bit editionsMicrosoft Office Online ServerMicrosoft Teams for iOSMicrosoft Excel 2016 (64-bit edition)Microsoft Office Web Apps Server 2013 Service Pack 1Microsoft Office 2019 for 32-bit editionsMicrosoft Excel 2013 Service Pack 1 (32-bit editions)Skype for Business Server 2015 CU 8Microsoft SharePoint Enterprise Server 2016Microsoft Excel 2010 Service Pack 2 (32-bit editions)Office Online ServerMicrosoft 365 Apps for Enterprise for 64-bit SystemsMicrosoft Office 2019 for Mac