KLA12525 Multiple vulnerabilities in Microsoft Office

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, obtain sensitive information, gain privileges.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Microsoft Excel can be exploited remotely to execute arbitrary code.
2. A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely to execute arbitrary code.
3. A security feature bypass vulnerability in Microsoft Office can be exploited remotely to bypass security restrictions.
4. An information disclosure vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.

Original advisories

CVE-2022-29109

CVE-2022-29108

CVE-2022-29107

CVE-2022-29110

CVE-2022-26934

Related products

Microsoft-Office

Microsoft-Excel

Microsoft-Word

Microsoft-SharePoint

CVE list

CVE-2022-26934 high

CVE-2022-29109 critical

CVE-2022-29108 critical

CVE-2022-29107 high

CVE-2022-29110 critical

KB list

4493152

5002195

5002204

5002194

5002196

5002205

5002199

5002207

4484347

5002203

5002187

5002184

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

• Microsoft Publisher 2013 Service Pack 1 (32-bit editions)Microsoft Excel 2016 (64-bit edition)Microsoft 365 Apps for Enterprise for 64-bit SystemsMicrosoft Office 2019 for 64-bit editionsMicrosoft Office 2019 for MacMicrosoft Office LTSC 2021 for 64-bit editionsMicrosoft Word 2013 RT Service Pack 1Microsoft Excel 2013 Service Pack 1 (32-bit editions)Microsoft Publisher 2013 Service Pack 1 (64-bit editions)Microsoft Publisher 2016 (32-bit edition)Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft Excel 2013 RT Service Pack 1Microsoft Excel 2013 Service Pack 1 (64-bit editions)Microsoft SharePoint Server 2019Microsoft Word 2013 Service Pack 1 (64-bit editions)Microsoft SharePoint Enterprise Server 2016Microsoft Office Online ServerMicrosoft Word 2016 (32-bit edition)Microsoft Office LTSC for Mac 2021Microsoft SharePoint Server Subscription EditionMicrosoft Word 2016 (64-bit edition)Microsoft Excel 2016 (32-bit edition)Microsoft Office 2019 for 32-bit editionsMicrosoft Office LTSC 2021 for 32-bit editionsMicrosoft Word 2013 Service Pack 1 (32-bit editions)Microsoft Office Web Apps Server 2013 Service Pack 1Microsoft Publisher 2016 (64-bit edition)