Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0053 Multiple vulnerabilities patched in Microsoft Office products. 13 February 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Office 365 ProPlus Microsoft Excel Viewer Microsoft Office Word Viewer Microsoft PowerPoint Viewer Microsoft Office Microsoft SharePoint Operating System: Mac OS Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Access Privileged Data -- Remote with User Interaction Cross-site Scripting -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-0675 CVE-2019-0674 CVE-2019-0673 CVE-2019-0672 CVE-2019-0671 CVE-2019-0670 CVE-2019-0669 CVE-2019-0668 CVE-2019-0604 CVE-2019-0594 CVE-2019-0540 Member content until: Friday, March 15 2019 Reference: ASB-2019.0051 OVERVIEW Microsoft has released its monthly security patch update for the month of February 2019. This update resolves 11 vulnerabilities across the following products: [1] Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Excel Viewer Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office 2016 for Mac Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft Office Compatibility Pack Service Pack 3 Microsoft Office Word Viewer Microsoft PowerPoint Viewer Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2010 Service Pack 2 Microsoft SharePoint Server 2019 Office 365 ProPlus for 32-bit Systems Office 365 ProPlus for 64-bit Systems IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity Security Feature Bypass Important Remote Code Execution Critical Remote Code Execution Critical Elevation of Privilege Important Security Feature Bypass Important Spoofing Moderate Remote Code Execution Important Remote Code Execution Important Remote Code Execution Important Remote Code Execution Important Remote Code Execution Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Cataloge for the following Knowledge Base articles. [1]. KB4018294, KB4462171, KB4462177, KB4461630, KB4462174 KB4462155, KB4462154, KB4092465, KB4462146, KB4461597 KB4461608, KB4018300, KB4462143, KB4462139, KB4462138 KB4462186, KB4462115, KB4018313, KB4461607 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXGOjR2aOgq3Tt24GAQg46RAAsejWtdqx1UDaDNZcaq//W6HC74zMBp6P IxmJfESFONVAdoA6rNjN7HM4b+2h15XJmz5ZhtenJQuG8yl9cum9aFVErTVfRJ65 x1vEtIQ9jFQkQc0NB7SFQFja3hWwN+o1cP5PGCjMw8YgO4YK7OXfJPcPmpD7vkuk ZwrLcsKJ5ySlfIhTgH6x8dxnOGCp5XHxz9HFwGLmTF4xaUJziSmq0macMGAsTyEY 7gje18ZWgmw4UBxitEJYxIbdmzSTyqTKy1her5FFFVGP5uYXCnq2W2wloh4WoxnT hbyei/As3CDXlUrsEkkV8L/BbJcs88R9IplZqTta5HcjEMG+HitJbZVIDn7aDJBT Tw18uaFun3IJiy5+1IzbS+qT5aVVnpcJbZzZwnsDVlMcSugA8NPd19Y/fG0I73yI Zg2PF0t3lzGeu8ejHuhzvGBZEil4vNF+NQ+OnlLP+PuNDf6NzwmfNJteJR0zru+s nGDgDHzm1+m9B00TKVO+2WGopbkt6dHnja3cLQFcNSpxcKwSPH4Utw054keors0U prNtTuGVi28ldc9XrKW0zfjLpWsXtNqxRGCnHmJKdLDjcf+h2sLyDQ0kQkUwArw3 YjdniZ2HOZW/Fz1LWsxL6rFV0EH8hjGA8kEnUv04QvSxSZXo6DDTsgMSuDbyVg+K q3mcj8oO5/k= =GMG2 -----END PGP SIGNATURE-----