KLA12454 Multiple vulnerabilities in Microsoft Office

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, execute arbitrary code, bypass security restrictions, spoof user interface.

Below is a complete list of vulnerabilities:

1. An information disclosure vulnerability in Microsoft Excel can be exploited remotely to obtain sensitive information.
2. An information disclosure vulnerability in Microsoft Office can be exploited remotely to obtain sensitive information.
3. A denial of service vulnerability in Microsoft Teams can be exploited remotely to cause denial of service.
4. A remote code execution vulnerability in Microsoft Office Visio can be exploited remotely to execute arbitrary code.
5. A security feature bypass in Microsoft SharePoint Server can be exploited remotely to bypass security restrictions.
6. A security feature bypass vulnerability in Microsoft Outlook for Mac can be exploited remotely to bypass security restrictions.
7. A remote code execution vulnerability in Microsoft Office Graphics can be exploited remotely to execute arbitrary code.
8. A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely to execute arbitrary code.
9. A security feature bypass vulnerability in Microsoft OneDrive for Android can be exploited remotely to bypass security restrictions.
10. A spoofing vulnerability in Microsoft SharePoint Server can be exploited remotely to spoof user interface.
11. A remote code execution vulnerability in Microsoft Office ClickToRun can be exploited remotely to execute arbitrary code.

Original advisories

CVE-2022-22716

CVE-2022-23252

CVE-2022-21965

CVE-2022-21988

CVE-2022-21968

CVE-2022-23280

CVE-2022-22003

CVE-2022-22005

CVE-2022-23255

CVE-2022-21987

CVE-2022-22004

Related products

Microsoft-Office

Microsoft-Outlook

Microsoft-Excel

Microsoft-SharePoint

CVE list

CVE-2022-22716 high

CVE-2022-23252 high

CVE-2022-21965 critical

CVE-2022-21988 critical

CVE-2022-21968 warning

CVE-2022-23280 high

CVE-2022-22003 critical

CVE-2022-22005 critical

CVE-2022-23255 high

CVE-2022-21987 critical

CVE-2022-22004 critical

KB list

5002136

5002145

5002120

5002140

5002135

5002156

3118335

5002137

5002146

5002147

3172514

5002155

5002149

5002133

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Microsoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft Excel 2016 (64-bit edition)Microsoft Office LTSC 2021 for 32-bit editionsMicrosoft Office 2013 Service Pack 1 (32-bit editions)Microsoft Teams Admin CenterMicrosoft Teams for AndroidMicrosoft Office Web Apps Server 2013 Service Pack 1Microsoft Office LTSC 2021 for 64-bit editionsMicrosoft Office 2013 Service Pack 1 (64-bit editions)Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editionsMicrosoft Office LTSC for Mac 2021Microsoft 365 Apps for Enterprise for 64-bit SystemsMicrosoft Office 2019 for MacMicrosoft Office 2019 for 32-bit editionsMicrosoft Excel 2013 Service Pack 1 (32-bit editions)Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editionsMicrosoft Office Online ServerMicrosoft Office 2019 for 64-bit editionsMicrosoft Office 2016 (64-bit edition)OneDrive for AndroidMicrosoft Excel 2013 Service Pack 1 (64-bit editions)Microsoft SharePoint Server Subscription EditionMicrosoft Excel 2016 (32-bit edition)Microsoft Excel 2013 RT Service Pack 1Microsoft Office 2013 RT Service Pack 1Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft Teams for iOSMicrosoft Office 2016 (32-bit edition)Microsoft SharePoint Server 2019Microsoft Outlook 2016 for Mac