===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0053
      Multiple vulnerabilities patched in Microsoft Office products.
                             13 February 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Office 365 ProPlus
                      Microsoft Excel Viewer
                      Microsoft Office Word Viewer
                      Microsoft PowerPoint Viewer
                      Microsoft Office
                      Microsoft SharePoint
Operating System:     Mac OS
                      Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Access Privileged Data          -- Remote with User Interaction
                      Cross-site Scripting            -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-0675 CVE-2019-0674 CVE-2019-0673
                      CVE-2019-0672 CVE-2019-0671 CVE-2019-0670
                      CVE-2019-0669 CVE-2019-0668 CVE-2019-0604
                      CVE-2019-0594 CVE-2019-0540 
Member content until: Friday, March 15 2019
Reference:            ASB-2019.0051

OVERVIEW

        Microsoft has released its monthly security patch update for the month of February 2019.
        
        This update resolves 11 vulnerabilities across the following products: [1]
        
         Microsoft Excel 2010 Service Pack 2 (32-bit editions)
         Microsoft Excel 2010 Service Pack 2 (64-bit editions)
         Microsoft Excel 2013 RT Service Pack 1
         Microsoft Excel 2013 Service Pack 1 (32-bit editions)
         Microsoft Excel 2013 Service Pack 1 (64-bit editions)
         Microsoft Excel 2016 (32-bit edition)
         Microsoft Excel 2016 (64-bit edition)
         Microsoft Excel Viewer
         Microsoft Office 2010 Service Pack 2 (32-bit editions)
         Microsoft Office 2010 Service Pack 2 (64-bit editions)
         Microsoft Office 2013 RT Service Pack 1
         Microsoft Office 2013 Service Pack 1 (32-bit editions)
         Microsoft Office 2013 Service Pack 1 (64-bit editions)
         Microsoft Office 2016 (32-bit edition)
         Microsoft Office 2016 (64-bit edition)
         Microsoft Office 2016 for Mac
         Microsoft Office 2019 for 32-bit editions
         Microsoft Office 2019 for 64-bit editions
         Microsoft Office 2019 for Mac
         Microsoft Office Compatibility Pack Service Pack 3
         Microsoft Office Word Viewer
         Microsoft PowerPoint Viewer
         Microsoft SharePoint Enterprise Server 2013 Service Pack 1
         Microsoft SharePoint Enterprise Server 2016
         Microsoft SharePoint Foundation 2013 Service Pack 1
         Microsoft SharePoint Server 2010 Service Pack 2
         Microsoft SharePoint Server 2019
         Office 365 ProPlus for 32-bit Systems
         Office 365 ProPlus for 64-bit Systems


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
          Security Feature Bypass  Important
          Remote Code Execution    Critical
          Remote Code Execution    Critical
          Elevation of Privilege   Important
          Security Feature Bypass  Important
          Spoofing                 Moderate
          Remote Code Execution    Important
          Remote Code Execution    Important
          Remote Code Execution    Important
          Remote Code Execution    Important
          Remote Code Execution    Important


MITIGATION

        Microsoft recommends updating the software with the version made available on the Microsoft Update Catalog for the following Knowledge Base articles. [1]
        
        
         KB4018294, KB4462171, KB4462177, KB4461630, KB4462174
         KB4462155, KB4462154, KB4092465, KB4462146, KB4461597
         KB4461608, KB4018300, KB4462143, KB4462139, KB4462138
         KB4462186, KB4462115, KB4018313, KB4461607


REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================