Rewterz Threat Advisory – CVE-2019-1034 & CVE-2019-1035 – Microsoft Multiple Products Multiple Vulnerabilities

Wednesday, June 12, 2019

Severity

Medium

Analysis Summary

An error in Microsoft Word software when handling objects in memory can be exploited to execute arbitrary code via a specially crafted file.

Impact

System access

Affected Vendors

Microsoft

Affected Products

  • Microsoft Office 2010
  • Microsoft Word 2010
  • Microsoft Office Web Apps
  • Microsoft Word 2013
  • Microsoft Word 2013 RT
  • Microsoft Office Web Apps 2010
  • Microsoft Office 2016 for Mac
  • Microsoft Word 2016 / O365
  • Microsoft Office Online Server
  • Office 365 ProPlus (formerly Microsoft Office 2016 Click-to-Run)
  • Microsoft Office 2019 / O365
  • Microsoft Office 2019 for Mac

Remediation

Apply update.

Microsoft Office 2016 for Mac:

https://go.microsoft.com/fwlink/p/?linkid=831049

Microsoft Office 2019 for Mac:

https://go.microsoft.com/fwlink/p/?linkid=831049

Microsoft Word 2010 Service Pack 2 (64-bit editions) (KB4461619):

https://www.microsoft.com/downloads/details.aspx?familyid=e5d47aa9-47cd-4ac0-9f22-2e28fb70b26b

Microsoft Word 2010 Service Pack 2 (32-bit editions) (KB4461619):

https://www.microsoft.com/downloads/details.aspx?familyid=0e8131be-b2a3-4a4b-ba78-0385f3bf1186

Microsoft Office Web Apps 2010 Service Pack 2 (KB4461621):

https://www.microsoft.com/downloads/details.aspx?familyid=dfe669b0-1229-471e-bbbb-14055ae57bfd

Microsoft Office 2010 Service Pack 2 (64-bit editions) (KB4462178):

https://www.microsoft.com/downloads/details.aspx?familyid=4aaf564e-d5c4-456a-9bde-ebf0ee8f3755

Microsoft Office 2010 Service Pack 2 (32-bit editions) (KB4462178):

https://www.microsoft.com/downloads/details.aspx?familyid=1791deec-13c4-43b1-83f2-f374c74abfc0

Microsoft Word 2013 Service Pack 1 (64-bit editions) (KB4464590):

https://www.microsoft.com/downloads/details.aspx?familyid=82799eb6-ec1d-4177-a595-6899ca546fcb

Microsoft Word 2013 Service Pack 1 (32-bit editions) (KB4464590):

https://www.microsoft.com/downloads/details.aspx?familyid=8a40e385-1d51-4983-8b7e-730295964c7e

Microsoft Word 2016 (64-bit edition) (KB4464596):

https://www.microsoft.com/downloads/details.aspx?familyid=9d079df4-bb75-4546-b1b2-420fbcc05066

Microsoft Word 2016 (32-bit edition) (KB4464596):

https://www.microsoft.com/downloads/details.aspx?familyid=fbfb29f2-b9a1-4044-9bdb-8b37be8db0e0

Microsoft Office Online Server (KB4475511):

https://www.microsoft.com/downloads/details.aspx?familyid=fe7e422e-9d87-49c7-b167-1351a6ec6346

Microsoft Office 2019 for 64-bit editions:

Apply update (please see the vendor’s service database for details).

Microsoft Office 2019 for 32-bit editions:

Apply update (please see the vendor’s service database for details).

Microsoft Word 2013 RT Service Pack 1 (KB4464590):

Apply update (please see the vendor’s service database for details).

Office 365 ProPlus for 32-bit Systems:

Apply update (please see the vendor’s service database for details).

Office 365 ProPlus for 64-bit Systems:

Apply update (please see the vendor’s service database for details).

Microsoft Office 2016 for Mac:

https://go.microsoft.com/fwlink/p/?linkid=831049

Microsoft Office 2019 for Mac:

https://go.microsoft.com/fwlink/p/?linkid=831049

Microsoft Office 2019 for 64-bit editions:

Apply update (please see the vendor’s service database for details).

Microsoft Office 2019 for 32-bit editions:

Apply update (please see the vendor’s service database for details).

Office 365 ProPlus for 32-bit Systems:

Apply update (please see the vendor’s service database for details).

Office 365 ProPlus for 64-bit Systems:

Apply update (please see the vendor’s service database for details).

Data Sheets

Corporate Brochure


Our Story


Services


Solutions


Managed Security


Upcoming Rewterz Trainings/Events

Rewterz News

  • 22, August 2019 Rewterz Threat Advisory – CVE-2019-15295 – BitDefender Antivirus Free 2020 – Privilege Escalation to SYSTEM
  • 22, August 2019 Rewterz Threat Alert – Banks All over the World Attacked by Silence Advanced Hackers
  • 22, August 2019 Rewterz Threat Alert – Adwind Bypasses Microsoft ATP to Attack Utilities Industry
  • 21, August 2019 Rewterz Threat Advisory – Multiple vulnerabilities fixed in VLC media player

Copyright © Rewterz. All rights reserved.