Rewterz Threat Advisory – CVE-2019-1034 & CVE-2019-1035 – Microsoft Multiple Products Multiple Vulnerabilities

Wednesday, June 12, 2019

Severity

Medium

Analysis Summary

An error in Microsoft Word software when handling objects in memory can be exploited to execute arbitrary code via a specially crafted file.

Impact

System access

Affected Vendors

Microsoft

Affected Products

  • Microsoft Office 2010
  • Microsoft Word 2010
  • Microsoft Office Web Apps
  • Microsoft Word 2013
  • Microsoft Word 2013 RT
  • Microsoft Office Web Apps 2010
  • Microsoft Office 2016 for Mac
  • Microsoft Word 2016 / O365
  • Microsoft Office Online Server
  • Office 365 ProPlus (formerly Microsoft Office 2016 Click-to-Run)
  • Microsoft Office 2019 / O365
  • Microsoft Office 2019 for Mac

Remediation

Apply update.

Microsoft Office 2016 for Mac:

https://go.microsoft.com/fwlink/p/?linkid=831049

Microsoft Office 2019 for Mac:

https://go.microsoft.com/fwlink/p/?linkid=831049

Microsoft Word 2010 Service Pack 2 (64-bit editions) (KB4461619):

https://www.microsoft.com/downloads/details.aspx?familyid=e5d47aa9-47cd-4ac0-9f22-2e28fb70b26b

Microsoft Word 2010 Service Pack 2 (32-bit editions) (KB4461619):

https://www.microsoft.com/downloads/details.aspx?familyid=0e8131be-b2a3-4a4b-ba78-0385f3bf1186

Microsoft Office Web Apps 2010 Service Pack 2 (KB4461621):

https://www.microsoft.com/downloads/details.aspx?familyid=dfe669b0-1229-471e-bbbb-14055ae57bfd

Microsoft Office 2010 Service Pack 2 (64-bit editions) (KB4462178):

https://www.microsoft.com/downloads/details.aspx?familyid=4aaf564e-d5c4-456a-9bde-ebf0ee8f3755

Microsoft Office 2010 Service Pack 2 (32-bit editions) (KB4462178):

https://www.microsoft.com/downloads/details.aspx?familyid=1791deec-13c4-43b1-83f2-f374c74abfc0

Microsoft Word 2013 Service Pack 1 (64-bit editions) (KB4464590):

https://www.microsoft.com/downloads/details.aspx?familyid=82799eb6-ec1d-4177-a595-6899ca546fcb

Microsoft Word 2013 Service Pack 1 (32-bit editions) (KB4464590):

https://www.microsoft.com/downloads/details.aspx?familyid=8a40e385-1d51-4983-8b7e-730295964c7e

Microsoft Word 2016 (64-bit edition) (KB4464596):

https://www.microsoft.com/downloads/details.aspx?familyid=9d079df4-bb75-4546-b1b2-420fbcc05066

Microsoft Word 2016 (32-bit edition) (KB4464596):

https://www.microsoft.com/downloads/details.aspx?familyid=fbfb29f2-b9a1-4044-9bdb-8b37be8db0e0

Microsoft Office Online Server (KB4475511):

https://www.microsoft.com/downloads/details.aspx?familyid=fe7e422e-9d87-49c7-b167-1351a6ec6346

Microsoft Office 2019 for 64-bit editions:

Apply update (please see the vendor’s service database for details).

Microsoft Office 2019 for 32-bit editions:

Apply update (please see the vendor’s service database for details).

Microsoft Word 2013 RT Service Pack 1 (KB4464590):

Apply update (please see the vendor’s service database for details).

Office 365 ProPlus for 32-bit Systems:

Apply update (please see the vendor’s service database for details).

Office 365 ProPlus for 64-bit Systems:

Apply update (please see the vendor’s service database for details).

Microsoft Office 2016 for Mac:

https://go.microsoft.com/fwlink/p/?linkid=831049

Microsoft Office 2019 for Mac:

https://go.microsoft.com/fwlink/p/?linkid=831049

Microsoft Office 2019 for 64-bit editions:

Apply update (please see the vendor’s service database for details).

Microsoft Office 2019 for 32-bit editions:

Apply update (please see the vendor’s service database for details).

Office 365 ProPlus for 32-bit Systems:

Apply update (please see the vendor’s service database for details).

Office 365 ProPlus for 64-bit Systems:

Apply update (please see the vendor’s service database for details).

Data Sheets

Corporate Brochure


Our Story


Services


Solutions


Managed Security


Upcoming Rewterz Trainings/Events

Rewterz News

  • 14, June 2019 Rewterz Threat Alert – Advanced Attack Tools Target Non-patched Systems to Distribute Cryptocurrency Miners
  • 14, June 2019 Rewterz Threat Advisory – HP Service Manager Multiple Security Bypass Vulnerabilities
  • 14, June 2019 Rewterz Threat Advisory – CVE-2019-1029 – Microsoft Lync Server 2010 / 2013 Denial of Service Vulnerability
  • 14, June 2019 Rewterz Threat Alert – “Love You” Malspam Phishing Campaign Reemerged

Copyright © Rewterz. All rights reserved.