Lucene search
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS22_AUG_EXCEL_C2R.NASLHistoryAug 11, 2022 - 12:00 a.m.
Security Updates for Microsoft Excel Products C2R (August 2022)
2022-08-1100:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
7.3 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
0.0005 Low
EPSS
Percentile
17.4%
The Microsoft Excel Products are missing a security update. It is, therefore, affected by a security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(164044);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/14");
script_cve_id("CVE-2022-33631");
script_xref(name:"IAVA", value:"2022-A-0316-S");
script_xref(name:"IAVA", value:"2022-A-0317-S");
script_name(english:"Security Updates for Microsoft Excel Products C2R (August 2022)");
script_set_attribute(attribute:"synopsis", value:
"The Microsoft Excel Products are missing a security update.");
script_set_attribute(attribute:"description", value:
"The Microsoft Excel Products are missing a security update. It is, therefore, affected by a security feature
bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform
unauthorized actions compromising the integrity of the system/application.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates#august-09-2022
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?78700079");
# https://docs.microsoft.com/en-us/officeupdates/update-history-microsoft365-apps-by-date
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fd4508ff");
script_set_attribute(attribute:"solution", value:
"For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and
manually perform an update.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-33631");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/08/09");
script_set_attribute(attribute:"patch_publication_date", value:"2022/08/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/08/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:excel");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("office_installed.nasl", "microsoft_office_compatibility_pack_installed.nbin", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include('vcf_extras_office.inc');
var bulletin = 'MS22-08';
var constraints = [
{'fixed_version':'16.0.15427.20210','channel':'2016 Retail'},
{'fixed_version':'16.0.15427.20210','channel':'Current'},
{'fixed_version':'16.0.15330.20298','channel':'Enterprise Deferred','channel_version':'2206'},
{'fixed_version':'16.0.15225.20394','channel':'Enterprise Deferred'},
{'fixed_version':'16.0.14931.20660','channel':'First Release for Deferred'},
{'fixed_version':'16.0.14931.20660','channel':'Deferred','channel_version':'2202'},
{'fixed_version':'16.0.14326.21096','channel':'Deferred','channel_version':'2108'},
{'fixed_version':'16.0.13801.21582','channel':'Deferred'},
{'fixed_version':'16.0.12527.22197','channel':'Microsoft 365 Apps on Windows 7'},
{'fixed_version':'16.0.15427.20210','channel':'2021 Retail'},
{'fixed_version':'16.0.15427.20210','channel':'2019 Retail'},
{'fixed_version':'16.0.14332.20358','channel':'LTSC 2021'},
{'fixed_version':'16.0.10389.20033','channel':'2019 Volume'}
];
vcf::microsoft::office_product::check_version_and_report(
constraints:constraints,
severity:SECURITY_WARNING,
bulletin:bulletin,
subproduct:'Excel'
);
Related
mskb
mskb
nessus
nessus
Security Updates for Microsoft Excel Products (August 2022)
2022-08-09 00:00:00
nvd
nvd
CVE-2022-33631
2022-08-09 20:15:09
cvelist
cvelist
CVE-2022-33631 Microsoft Excel Security Feature Bypass Vulnerability
2022-08-09 19:49:40
cve
cve
CVE-2022-33631
2022-08-09 20:15:09
mscve
mscve
Microsoft Excel Security Feature Bypass Vulnerability
2022-08-09 07:00:00
openvas
openvas
prion
prion
Security feature bypass
2022-08-09 20:15:00
kaspersky
kaspersky
KLA12606 Multiple vulnerabilities in Microsoft Office
2022-08-09 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - August 2022
2022-08-09 19:34:51
7.3 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
0.0005 Low
EPSS
Percentile
17.4%
Related for SMB_NT_MS22_AUG_EXCEL_C2R.NASL