KLA12138 Multiple vulnerabilities in Microsoft Office

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Microsoft Excel can be exploited remotely to execute arbitrary code.
2. A remote code execution vulnerability in Microsoft Office can be exploited remotely to execute arbitrary code.
3. An information disclosure vulnerability in Microsoft Excel can be exploited remotely to obtain sensitive information.
4. A remote code execution vulnerability in Microsoft Word can be exploited remotely to execute arbitrary code.
5. A denial of service vulnerability in Microsoft SharePoint can be exploited remotely to cause denial of service.
6. A memory corruption vulnerability in Microsoft Outlook can be exploited remotely to execute arbitrary code.

Original advisories

CVE-2021-28454

CVE-2021-28449

CVE-2021-28456

CVE-2021-28451

CVE-2021-28453

CVE-2021-28450

CVE-2021-28452

Related products

Microsoft-Office

Microsoft-Outlook

Microsoft-Excel

Microsoft-Word

CVE list

CVE-2021-28454 critical

CVE-2021-28449 critical

CVE-2021-28456 high

CVE-2021-28451 critical

CVE-2021-28453 critical

CVE-2021-28450 warning

CVE-2021-28452 high

KB list

4504719

4493215

4504729

4504733

3178643

3178639

4504735

4493198

4493201

4504722

4504709

4493218

4504727

4493208

4504716

4504701

4504714

4504739

4504738

4504712

4504724

3017810

2589361

4493185

4504723

4504726

2553491

4504705

4504715

4504721

4493170

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

• Microsoft Excel 2013 Service Pack 1 (32-bit editions)Microsoft Office 2013 Service Pack 1 (32-bit editions)Microsoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft Word 2016 (32-bit edition)Microsoft Word 2013 RT Service Pack 1Microsoft Office 2016 (32-bit edition)Microsoft Word 2013 Service Pack 1 (64-bit editions)Microsoft Office Online ServerMicrosoft Excel 2013 Service Pack 1 (64-bit editions)Microsoft Outlook 2016 (64-bit edition)Microsoft Outlook 2013 RT Service Pack 1Microsoft Outlook 2013 Service Pack 1 (32-bit editions)Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft Excel 2016 (64-bit edition)Microsoft SharePoint Server 2010 Service Pack 2Microsoft SharePoint Enterprise Server 2016Microsoft Outlook 2010 Service Pack 2 (64-bit editions)Microsoft SharePoint Server 2019Microsoft SharePoint Foundation 2010 Service Pack 2Microsoft Office 2010 Service Pack 2 (32-bit editions)Microsoft Office 2016 (64-bit edition)Microsoft Word 2010 Service Pack 2 (64-bit editions)Microsoft Office 2010 Service Pack 2 (64-bit editions)Microsoft 365 Apps for Enterprise for 64-bit SystemsMicrosoft Office 2013 RT Service Pack 1Microsoft Word 2016 (64-bit edition)Microsoft Outlook 2010 Service Pack 2 (32-bit editions)Microsoft Office Web Apps 2010 Service Pack 2Microsoft Office Web Apps Server 2013 Service Pack 1Microsoft Outlook 2013 Service Pack 1 (64-bit editions)Microsoft Excel 2016 (32-bit edition)Microsoft Office 2019 for MacMicrosoft Excel 2013 RT Service Pack 1Microsoft Excel 2010 Service Pack 2 (64-bit editions)Microsoft Office 2019 for 64-bit editionsMicrosoft Outlook 2016 (32-bit edition)Microsoft Word 2013 Service Pack 1 (32-bit editions)Microsoft Word 2010 Service Pack 2 (32-bit editions)Microsoft Excel 2010 Service Pack 2 (32-bit editions)Microsoft Office 2019 for 32-bit editionsMicrosoft Office 2013 Service Pack 1 (64-bit editions)