Rewterz Threat Advisory – Microsoft Multiple Products Multiple Vulnerabilities

Thursday, January 10, 2019

SEVERITY: Medium

ANALYSIS SUMMARY

Multiple vulnerabilities have been reported in multiple Microsoft products. They can be exploited to disclose sensitive information and to compromise a vulnerable system.

 

CVE-2019-0585
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Affected products are Microsoft Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, and Microsoft SharePoint Server.

 

CVE-2019-0541
A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input, affecting Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.

 

CVE-2019-0559
An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, affecting Office 365 ProPlus, Microsoft Office, Microsoft Outlook.

 

CVE-2019-0561
An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly. Affected products are Microsoft Word, Office 365 ProPlus, Microsoft Office.

 

CVE-2019-0560
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. The flaw affects Office 365 ProPlus, Microsoft Office.

 

 

AFFECTED PRODUCTS

Microsoft Office Excel Viewer 2007
Microsoft Office Word Viewer
Microsoft Office 2010
Microsoft Word 2010
Microsoft Outlook 2010
Microsoft Office Web Apps
Microsoft Office 2013
Microsoft Word 2013
Microsoft Outlook 2013
Microsoft Office 2013 RT
Microsoft Word 2013 RT
Microsoft Office Web Apps 2010
Microsoft Office 2016 for Mac
Microsoft Office 2016 / O365
Microsoft Word 2016 / O365
Microsoft Outlook 2016 / O365
Microsoft Outlook 2013 RT
Microsoft Office Online Server
Office 365 ProPlus (formerly Microsoft Office 2016 Click-to-Run)
Microsoft Office 2019 / O365
Microsoft Office 2019 for Mac

 

 

IMPACT

System access
Exposure of sensitive information

 

 

REMEDIATION

The vendor has released patches for these vulnerabilities in the following products.

 

  • Microsoft Office 2016 for Mac:
    https://go.microsoft.com/fwlink/p/?linkid=831049

 

  • Microsoft Office 2019 for Mac:
    https://go.microsoft.com/fwlink/p/?linkid=831049

 

  • Microsoft Word 2016 (64-bit edition) (KB4461543):
    https://www.microsoft.com/downloads/details.aspx?familyid=6b6bf606-362b-45fb-b788-8427c59fc0ca

 

  • Microsoft Word 2016 (32-bit edition) (KB4461543):
    https://www.microsoft.com/downloads/details.aspx?familyid=0b8081a7-7b11-412c-a24b-abeff769e4e0

 

  • Microsoft Word 2013 Service Pack 1 (64-bit editions) (KB4461594):
    https://www.microsoft.com/downloads/details.aspx?familyid=e5879074-a0a8-40f2-b9b2-835a4c454f07

 

  • Microsoft Word 2013 Service Pack 1 (32-bit editions) (KB4461594):
    https://www.microsoft.com/downloads/details.aspx?familyid=508a0d37-11a2-4c9e-8a04-b92414596eee

 

  • Microsoft Office 2010 Service Pack 2 (64-bit editions) (KB4461617):
    https://www.microsoft.com/downloads/details.aspx?familyid=5f19c54b-07aa-4eec-905e-64668537174e

 

  • Microsoft Office 2010 Service Pack 2 (32-bit editions) (KB4461617):
    https://www.microsoft.com/downloads/details.aspx?familyid=13ae8f40-cec7-488b-ae8d-f838901d161d

 

  • Microsoft Office Web Apps Server 2010 Service Pack 2 (KB4461620):
    https://www.microsoft.com/downloads/details.aspx?familyid=cd09326c-6f38-472d-91ba-00dd5a99a7ba

 

  • Microsoft Office Online Server (KB4461633):
    https://www.microsoft.com/downloads/details.aspx?familyid=3665d6c6-667d-4e3b-bed3-d6100c330931

 

  • Microsoft Word 2013 RT Service Pack 1 (KB4461594):
    Apply update (please see the vendor’s service database for details).

 

  • Microsoft Office Word Viewer (KB4461635):
    https://www.microsoft.com/downloads/details.aspx?familyid=fcf98221-3109-4d3d-96e9-3b1304e473ec

 

  • Microsoft Word 2010 Service Pack 2 (32-bit editions) (KB4461625):
    https://www.microsoft.com/downloads/details.aspx?familyid=b94b86f5-046e-4463-8b28-63367034372b

 

  • Microsoft Word 2010 Service Pack 2 (64-bit editions) (KB4461625):
    https://www.microsoft.com/downloads/details.aspx?familyid=241cedf7-3dd3-451f-846b-64d37fdd0df5

 

  • Microsoft Office 2019 for 64-bit editions:
    Apply update (please see the vendor’s service database for details).

 

  • Microsoft Office 2019 for 32-bit editions:
    Apply update (please see the vendor’s service database for details).

 

  • Office 365 ProPlus for 32-bit Systems:
    Apply update (please see the vendor’s service database for details).

 

  • Office 365 ProPlus for 64-bit Systems:
    Apply update (please see the vendor’s service database for details).

 

  • Microsoft Office 2016 (64-bit edition) (KB4022162):
    https://www.microsoft.com/downloads/details.aspx?familyid=b6eb3d57-4e5e-4ccd-951b-e945f2b971e5

 

  • Microsoft Office 2016 (32-bit edition) (KB4022162):
    https://www.microsoft.com/downloads/details.aspx?familyid=923547e5-d535-4d4e-b295-f18355f9c868

 

  • Microsoft Office 2010 Service Pack 2 (64-bit editions) (KB2553332):
    https://www.microsoft.com/downloads/details.aspx?familyid=0e66fa23-10c1-486b-9380-3542eebf9987

 

  • Microsoft Office 2010 Service Pack 2 (32-bit editions) (KB2553332):
    https://www.microsoft.com/downloads/details.aspx?familyid=40637cf1-885c-4297-a267-d9b1224f30fc

 

  • Microsoft Excel Viewer 2007 Service Pack 3 (KB2596760):
    https://www.microsoft.com/downloads/details.aspx?familyid=38c00fb3-bf6b-4ab8-84c2-7c09c644d4f9

 

  • Microsoft Office 2013 Service Pack 1 (64-bit editions) (KB3172522):
    https://www.microsoft.com/downloads/details.aspx?familyid=565310c4-e9df-450c-89b5-5be70127c4db

 

  • Microsoft Office 2013 Service Pack 1 (32-bit editions) (KB3172522):
    https://www.microsoft.com/downloads/details.aspx?familyid=8275a96a-e226-4e0d-8ac9-1a1b58c966ef

 

  • Microsoft Office 2013 RT Service Pack 1 (KB3172522):
    Apply update (please see the vendor’s service database for details).

 

  • Microsoft Office Word Viewer (KB4462112):
    https://www.microsoft.com/downloads/details.aspx?familyid=69bd0e31-cc23-4cda-87ab-5970bbaf2d9b

 

  • Microsoft Outlook 2016 (64-bit edition) (KB4461601):
    https://www.microsoft.com/downloads/details.aspx?familyid=a34c5286-3019-4ae8-877c-5f91dc8eff09

 

  • Microsoft Outlook 2016 (32-bit edition) (KB4461601):
    https://www.microsoft.com/downloads/details.aspx?familyid=600e9c0b-179a-4e5a-af46-5ecdfee7a593

 

  • Microsoft Outlook 2013 Service Pack 1 (64-bit editions) (KB4461595):
    https://www.microsoft.com/downloads/details.aspx?familyid=bfcd1ed7-f484-4b74-b122-3beef393f689

 

  • Microsoft Outlook 2013 Service Pack 1 (32-bit editions) (KB4461595):
    https://www.microsoft.com/downloads/details.aspx?familyid=e24fb7df-8bca-4a58-8977-4e55f130e2c5

 

  • Microsoft Outlook 2013 RT Service Pack 1 (KB4461595):
    Apply update (please see the vendor’s service database for details).

 

  • Microsoft Outlook 2010 Service Pack 2 (32-bit editions) (KB4461623):
    https://www.microsoft.com/downloads/details.aspx?familyid=c2b4ca90-8c20-485a-bcee-59a4dac3ba5d

 

  • Microsoft Outlook 2010 Service Pack 2 (64-bit editions) (KB4461623):
    https://www.microsoft.com/downloads/details.aspx?familyid=cf0bb670-764f-43d9-82fc-1061860486ec

 

  • Microsoft Office 2016 (64-bit edition) (KB4461535):
    https://www.microsoft.com/downloads/details.aspx?familyid=6f7165ba-a2bc-407f-9dfc-f39db6ab10af

 

  • Microsoft Office 2016 (32-bit edition) (KB4461535):
    https://www.microsoft.com/downloads/details.aspx?familyid=700506c5-7b20-44b8-9a5d-e29f037b7117

 

  • Microsoft Office 2013 Service Pack 1 (64-bit editions) (KB4461537):
    https://www.microsoft.com/downloads/details.aspx?familyid=5a2232ff-eb3b-4515-8367-c274f4f572c3

 

  • Microsoft Office 2013 Service Pack 1 (32-bit editions) (KB4461537):
    https://www.microsoft.com/downloads/details.aspx?familyid=6f910d98-4bd9-4557-90d7-bdf56b59a465

 

  • Microsoft Office 2010 Service Pack 2 (64-bit editions) (KB4461614):
    https://www.microsoft.com/downloads/details.aspx?familyid=f82f195b-1ec3-4582-b255-ec31285b3573

 

  • Microsoft Office 2010 Service Pack 2 (32-bit editions) (KB4461614):
    https://www.microsoft.com/downloads/details.aspx?familyid=b29b8d28-84ac-406b-abc8-3327442db615

 

  • Microsoft Office 2013 RT Service Pack 1 (KB4461537):
    Apply update (please see the vendor’s service database for details).

 

