Microsoft has released new security updates for Office. These include updates for Office 2016, Office 2013, and Microsoft SharePoint Server. Microsoft is aware of exploitation of the vulnerabilities in the wild.
Users of the Office products should therefore check as soon as possible whether they have already installed the latest version or whether an update is available. Exploitation in the wild always means greater risk, including for the individual user, because cybercriminals attack such vulnerabilities by various means such as phishing and spam. The German Federal Office for Information Security is therefore already warning about the vulnerabilities and recommends prompt installation of the security updates provided in order to close the gaps.
The BürgerCERT announcement states:
“All current Windows versions, the Edge Browser, various Office programs, Microsoft Dynamics 365, Microsoft Visual Studio, Microsoft Exchange Server, and the Malware Protection Engine are affected. An attacker can exploit these vulnerabilities to execute malicious code with the rights of the logged-in user or even with administrative rights, to circumvent security precautions, to crash the victim’s computer (denial of service), and to reveal or manipulate information. In some cases, the user has to open a specially manipulated file, e-mail, or website. The user can, for example, be requested to do so in an email or when visiting a website.”
The following updates are available:
- Office 2016
  - Excel 2016: KB5002056
  - Office 2016: KB5002032
  - Office 2016: KB4486670
- Office 2013
  - Excel 2013: KB5002072
  - Office 2013: KB5002038
  - Office 2013: KB5002035
- SharePoint Server 2019
  - Office Online Server: KB5002053
- Microsoft SharePoint Server 2013 / Office Web Apps Server: KB5002065
- SharePoint Enterprise Server 2013: KB5002063
The Risk Is High
According to the release notes provided, several vulnerabilities of varying severity have been fixed. Among them is a possible remote code execution in Microsoft Excel. Security gaps of this kind have often been exploited quickly in the past. The gaps that have now been fixed are said to be primarily vulnerabilities that have been assessed as high risk and that can be exploited locally.
At the moment, however, there is no more detailed information on the changes. Microsoft has already listed the update packages in the update catalog and has also published the associated articles for the individual vulnerabilities (CVE archive), but not all information has yet been published for all updates. The updates are being distributed. So far, no known problems have been reported. Microsoft has not yet published any further details about the updates.
Brian is the news author at Research Snipers which mainly covers Technology News, Microsoft News, Google News, Facebook, Apple, Huawei, Xiaomi, and other tech news.