Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Office January security updates fix remote code execution bugs
#1
Microsoft addresses important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates released during this month's Patch Tuesday.



In total, this month the company released 26 security updates and 5 cumulative updates for 7 different products, fixing 11 vulnerabilities that could allow attackers to escalate privileges or execute arbitrary code remotely on systems running vulnerable software.



A separate crash problem affecting the Microsoft 365 Apps version of Excel when using certain Windows Security exploit protection settings was also fixed this week.



Microsoft also released non-security Microsoft Office updates last week addressing recurrent Outlook crashes and other issues impacting Windows Installer (MSI) editions of Office 2016 products.



The company also issued the January 2021 Patch Tuesday, with patches for a Microsoft Defender antivirus zero-day exploited in the wild and 83 additional security vulnerabilities, ten of them rated as critical.



Non-security Windows updates were also released on Tuesday with the Windows 10 KB4598229 and KB4598242 cumulative updates.

List of patched Office security vulnerabilities
Office security updates published as part of the January 2021 Patch Tuesday address bugs exposing Windows systems running vulnerable Click to Run and Microsoft Installer (.msi)-based editions of Microsoft Office products to remote code execution (RCE) attacks.



Microsoft rated the six RCE bugs patched this month as Important severity issues since they could enable attackers to execute arbitrary code in the context of the currently logged-in user.



After successful exploitation, the attackers could install malicious programs, view, change, and delete data, as well as create their own admin accounts on compromised Windows devices.



Tag CVE ID CVE Title Severity
Microsoft Office CVE-2021-1713 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office CVE-2021-1714 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office CVE-2021-1711 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office CVE-2021-1715 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft Office CVE-2021-1716 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2021-1712 Microsoft SharePoint Elevation of Privilege Vulnerability Important
Microsoft Office SharePoint CVE-2021-1707 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2021-1718 Microsoft SharePoint Server Tampering Vulnerability Important
Microsoft Office SharePoint CVE-2021-1717 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2021-1719 Microsoft SharePoint Elevation of Privilege Vulnerability Important
Microsoft Office SharePoint CVE-2021-1641 Microsoft SharePoint Spoofing Vulnerability Important


Source
Reply


Messages In This Thread
Office January security updates fix remote code execution bugs - by Bjyda - 01-14-2021 , 11:51 PM

Possibly Related Threads…
Thread Author Replies Views Last Post
  Vulnerabilities in WatchGuard, Panda Security Products Lead to Code Execution mrtrout 0 663 02-04-2024 , 06:49 AM
Last Post: mrtrout
  TikTok denies security breach after hackers leak user data, source code tarekma7 0 2,101 09-06-2022 , 10:19 AM
Last Post: tarekma7
  PyPI removes 'mitmproxy2' over code execution concerns mrtrout 0 702 10-12-2021 , 10:43 PM
Last Post: mrtrout
  F5 urges customers to patch 4 critical BIG-IP pre-auth RCE bugs Bjyda 0 1,073 03-11-2021 , 10:48 PM
Last Post: Bjyda
  "git clone" Hit By Vulnerability That Could Lead To Code Execution Bjyda 0 1,295 03-11-2021 , 10:30 PM
Last Post: Bjyda



Users browsing this thread: 1 Guest(s)