Kaspersky LabKLA19250KLA19250 Multiple vulnerabilities in Microsoft Office
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.022 Low
EPSS
Percentile
89.4%
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in Microsoft PowerPoint can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in Microsoft Office Visio can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely to execute arbitrary code.
Original advisories
Related products
CVE list
CVE-2022-37961 critical
CVE-2022-37962 critical
CVE-2022-38009 critical
CVE-2022-38010 critical
CVE-2022-35823 critical
CVE-2022-37963 critical
CVE-2022-38008 critical
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Affected Products
- Microsoft SharePoint Server 2019Microsoft Office LTSC 2021 for 64-bit editionsMicrosoft Office 2019 for 32-bit editionsMicrosoft SharePoint Enterprise Server 2016Microsoft Office 2013 RT Service Pack 1Microsoft SharePoint Server Subscription EditionMicrosoft Office 2019 for 64-bit editionsMicrosoft Visio 2013 Service Pack 1 (64-bit editions)Microsoft 365 Apps for Enterprise for 64-bit SystemsMicrosoft Visio 2013 Service Pack 1 (32-bit editions)Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft Office 2013 Service Pack 1 (64-bit editions)Microsoft Office LTSC 2021 for 32-bit editionsMicrosoft Office 2019 for MacMicrosoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft Visio 2016 (64-bit edition)Microsoft Office LTSC for Mac 2021Microsoft Office 2016 (32-bit edition)Microsoft Office 2013 Service Pack 1 (32-bit editions)Microsoft Visio 2016 (32-bit edition)Microsoft Office 2016 (64-bit edition)SharePoint Server Subscription Edition Language PackMicrosoft SharePoint Foundation 2013 Service Pack 1
References
support.microsoft.com/kb/5002016
support.microsoft.com/kb/5002017
support.microsoft.com/kb/5002142
support.microsoft.com/kb/5002159
support.microsoft.com/kb/5002166
support.microsoft.com/kb/5002178
support.microsoft.com/kb/5002257
support.microsoft.com/kb/5002258
support.microsoft.com/kb/5002264
support.microsoft.com/kb/5002267
support.microsoft.com/kb/5002269
support.microsoft.com/kb/5002270
support.microsoft.com/kb/5002271
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35823
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37961
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37962
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37963
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38008
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38009
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38010
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-SharePoint/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.022 Low
EPSS
Percentile
89.4%