KLA12109 Multiple vulnerabilities in Microsoft Office

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, obtain sensitive information, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. A spoofing vulnerability in Microsoft SharePoint can be exploited remotely to spoof user interface.
2. A remote code execution vulnerability in Microsoft Excel can be exploited remotely to execute arbitrary code.
3. An information disclosure vulnerability in Microsoft SharePoint Server can be exploited remotely to obtain sensitive information.
4. A remote code execution vulnerability in Microsoft Office can be exploited remotely to execute arbitrary code.
5. A security feature bypass vulnerability in Microsoft Visio can be exploited remotely to bypass security restrictions.
6. A remote code execution vulnerability in Microsoft PowerPoint can be exploited remotely to execute arbitrary code.
7. A remote code execution vulnerability in Microsoft Office ClickToRun can be exploited remotely to execute arbitrary code.
8. A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely to execute arbitrary code.

Original advisories

CVE-2021-24104

CVE-2021-27053

CVE-2021-27052

CVE-2021-27059

CVE-2021-27054

CVE-2021-27055

CVE-2021-27057

CVE-2021-27056

CVE-2021-27058

CVE-2021-27076

CVE-2021-24108

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Visio-2010

Microsoft-Office

Microsoft-Excel

CVE list

CVE-2021-24104 warning

CVE-2021-27053 critical

CVE-2021-27052 high

CVE-2021-27059 critical

CVE-2021-27054 critical

CVE-2021-27055 high

CVE-2021-27057 critical

CVE-2021-27056 critical

CVE-2021-27058 critical

CVE-2021-27076 critical

CVE-2021-24108 critical

KB list

4493228

4493214

4484376

4493224

4493177

4493227

4493225

4504703

4493239

4493231

4493238

4493232

4493233

4493234

4493199

4493229

4493203

4486673

4493151

4504702

4504707

4493200

3101541

4493230

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Microsoft Office 2016 (64-bit edition)Microsoft Office Web Apps Server 2013 Service Pack 1Microsoft Visio 2016 (32-bit edition)Microsoft Office 2016 (32-bit edition)Microsoft Excel 2010 Service Pack 2 (32-bit editions)Microsoft Office 2013 Service Pack 1 (32-bit editions)Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions)Microsoft Visio 2016 (64-bit edition)Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions)Microsoft PowerPoint 2016 (64-bit edition)Microsoft Office 2010 Service Pack 2 (64-bit editions)Microsoft Excel 2016 (32-bit edition)Microsoft Office 2019 for 32-bit editionsMicrosoft Excel 2013 RT Service Pack 1Microsoft PowerPoint 2016 (32-bit edition)Microsoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft Office 2019 for MacMicrosoft Business Productivity Servers 2010 Service Pack 2Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft Excel 2013 Service Pack 1 (64-bit editions)Microsoft Visio 2010 Service Pack 2 (64-bit editions)Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions)Microsoft Excel 2016 (64-bit edition)Microsoft Office 2010 Service Pack 2 (32-bit editions)Microsoft Visio 2013 Service Pack 1 (32-bit editions)Microsoft Office Web Apps 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016Microsoft 365 Apps for Enterprise for 64-bit SystemsMicrosoft Excel 2013 Service Pack 1 (32-bit editions)Microsoft Office Online ServerMicrosoft SharePoint Server 2019Microsoft PowerPoint 2013 RT Service Pack 1Microsoft Visio 2010 Service Pack 2 (32-bit editions)Microsoft Office 2013 RT Service Pack 1Microsoft Office 2013 Service Pack 1 (64-bit editions)Microsoft Excel 2010 Service Pack 2 (64-bit editions)Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions)Microsoft Office 2019 for 64-bit editionsMicrosoft Visio 2013 Service Pack 1 (64-bit editions)