November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – Microsoft Windows Server 2012 / Windows RT 8.1 / 8.1 Multiple Vulnerabilities
January 10, 2019Rewterz Threat Advisory – Microsoft Windows Server 2016 / Windows 10 Multiple Vulnerabilities
January 10, 2019Rewterz Threat Advisory – Microsoft Windows Server 2012 / Windows RT 8.1 / 8.1 Multiple Vulnerabilities
January 10, 2019Rewterz Threat Advisory – Microsoft Windows Server 2016 / Windows 10 Multiple Vulnerabilities
January 10, 2019
SEVERITY: Medium
ANALYSIS SUMMARY
Multiple vulnerabilities have been reported in multiple Microsoft products, which can be exploited by malicious people to disclose sensitive information and compromise a vulnerable system.
CVE-2019-0585
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, affecting Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word, Microsoft SharePoint Server.
CVE-2019-0541
A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input, affecting Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.
CVE-2019-0559
An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, affecting Office 365 ProPlus, Microsoft Office, Microsoft Outlook.
CVE-2019-0561
An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly. Affected products are Microsoft Word, Office 365 ProPlus, Microsoft Office.
CVE-2019-0560
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. The flaw affects Office 365 ProPlus, Microsoft Office.
AFFECTED PRODUCTS
Microsoft Office Excel Viewer 2007
Microsoft Office Word Viewer
Microsoft Office 2010
Microsoft Word 2010
Microsoft Outlook 2010
Microsoft Office Web Apps
Microsoft Office 2013
Microsoft Word 2013
Microsoft Outlook 2013
Microsoft Office 2013 RT
Microsoft Word 2013 RT
Microsoft Office Web Apps 2010
Microsoft Office 2016 for Mac
Microsoft Office 2016 / O365
Microsoft Word 2016 / O365
Microsoft Outlook 2016 / O365
Microsoft Outlook 2013 RT
Microsoft Office Online Server
Office 365 ProPlus (formerly Microsoft Office 2016 Click-to-Run)
Microsoft Office 2019 / O365
Microsoft Office 2019 for Mac
IMPACT
System access
Exposure of sensitive information
REMEDIATION
Vendor has released patches for the following vulnerabilities.
- Microsoft Office 2016 for Mac:
https://go.microsoft.com/fwlink/p/?linkid=831049
- Microsoft Office 2019 for Mac:
https://go.microsoft.com/fwlink/p/?linkid=831049
- Microsoft Word 2016 (64-bit edition) (KB4461543):
https://www.microsoft.com/downloads/details.aspx?familyid=6b6bf606-362b-45fb-b788-8427c59fc0ca
- Microsoft Word 2016 (32-bit edition) (KB4461543):
https://www.microsoft.com/downloads/details.aspx?familyid=0b8081a7-7b11-412c-a24b-abeff769e4e0
- Microsoft Word 2013 Service Pack 1 (64-bit editions) (KB4461594):
https://www.microsoft.com/downloads/details.aspx?familyid=e5879074-a0a8-40f2-b9b2-835a4c454f07
- Microsoft Word 2013 Service Pack 1 (32-bit editions) (KB4461594):
https://www.microsoft.com/downloads/details.aspx?familyid=508a0d37-11a2-4c9e-8a04-b92414596eee
- Microsoft Office 2010 Service Pack 2 (64-bit editions) (KB4461617):
https://www.microsoft.com/downloads/details.aspx?familyid=5f19c54b-07aa-4eec-905e-64668537174e
- Microsoft Office 2010 Service Pack 2 (32-bit editions) (KB4461617):
https://www.microsoft.com/downloads/details.aspx?familyid=13ae8f40-cec7-488b-ae8d-f838901d161d
- Microsoft Office Web Apps Server 2010 Service Pack 2 (KB4461620): https://www.microsoft.com/downloads/details.aspx?familyid=cd09326c-6f38-472d-91ba-00dd5a99a7ba
- Microsoft Office Online Server (KB4461633):
https://www.microsoft.com/downloads/details.aspx?familyid=3665d6c6-667d-4e3b-bed3-d6100c330931
- Microsoft Word 2013 RT Service Pack 1 (KB4461594):
Apply update (please see the vendor’s service database for details).
- Microsoft Office Word Viewer (KB4461635):
https://www.microsoft.com/downloads/details.aspx?familyid=fcf98221-3109-4d3d-96e9-3b1304e473ec
- Microsoft Word 2010 Service Pack 2 (32-bit editions) (KB4461625):
https://www.microsoft.com/downloads/details.aspx?familyid=b94b86f5-046e-4463-8b28-63367034372b
- Microsoft Word 2010 Service Pack 2 (64-bit editions) (KB4461625):
https://www.microsoft.com/downloads/details.aspx?familyid=241cedf7-3dd3-451f-846b-64d37fdd0df5
- Microsoft Office 2019 for 64-bit editions:
Apply update (please see the vendor’s service database for details).
- Microsoft Office 2019 for 32-bit editions:
Apply update (please see the vendor’s service database for details).
- Office 365 ProPlus for 32-bit Systems:
Apply update (please see the vendor’s service database for details).
- Office 365 ProPlus for 64-bit Systems:
Apply update (please see the vendor’s service database for details).
- Microsoft Office 2016 (64-bit edition) (KB4022162):
https://www.microsoft.com/downloads/details.aspx?familyid=b6eb3d57-4e5e-4ccd-951b-e945f2b971e5
- Microsoft Office 2016 (32-bit edition) (KB4022162):
https://www.microsoft.com/downloads/details.aspx?familyid=923547e5-d535-4d4e-b295-f18355f9c868
- Microsoft Office 2010 Service Pack 2 (64-bit editions) (KB2553332):
https://www.microsoft.com/downloads/details.aspx?familyid=0e66fa23-10c1-486b-9380-3542eebf9987
- Microsoft Office 2010 Service Pack 2 (32-bit editions) (KB2553332):
https://www.microsoft.com/downloads/details.aspx?familyid=40637cf1-885c-4297-a267-d9b1224f30fc
- Microsoft Excel Viewer 2007 Service Pack 3 (KB2596760):
https://www.microsoft.com/downloads/details.aspx?familyid=38c00fb3-bf6b-4ab8-84c2-7c09c644d4f9
- Microsoft Office 2013 Service Pack 1 (64-bit editions) (KB3172522):
https://www.microsoft.com/downloads/details.aspx?familyid=565310c4-e9df-450c-89b5-5be70127c4db
- Microsoft Office 2013 Service Pack 1 (32-bit editions) (KB3172522):
https://www.microsoft.com/downloads/details.aspx?familyid=8275a96a-e226-4e0d-8ac9-1a1b58c966ef
- Microsoft Office 2013 RT Service Pack 1 (KB3172522):
Apply update (please see the vendor’s service database for details).
- Microsoft Office Word Viewer (KB4462112):
https://www.microsoft.com/downloads/details.aspx?familyid=69bd0e31-cc23-4cda-87ab-5970bbaf2d9b
- Microsoft Outlook 2016 (64-bit edition) (KB4461601):
- https://www.microsoft.com/downloads/details.aspx?familyid=a34c5286-3019-4ae8-877c-5f91dc8eff09
- Microsoft Outlook 2016 (32-bit edition) (KB4461601):
https://www.microsoft.com/downloads/details.aspx?familyid=600e9c0b-179a-4e5a-af46-5ecdfee7a593
- Microsoft Outlook 2013 Service Pack 1 (64-bit editions) (KB4461595):
https://www.microsoft.com/downloads/details.aspx?familyid=bfcd1ed7-f484-4b74-b122-3beef393f689
- Microsoft Outlook 2013 Service Pack 1 (32-bit editions) (KB4461595):
https://www.microsoft.com/downloads/details.aspx?familyid=e24fb7df-8bca-4a58-8977-4e55f130e2c5
- Microsoft Outlook 2013 RT Service Pack 1 (KB4461595):
Apply update (please see the vendor’s service database for details).
- Microsoft Outlook 2010 Service Pack 2 (32-bit editions) (KB4461623):
https://www.microsoft.com/downloads/details.aspx?familyid=c2b4ca90-8c20-485a-bcee-59a4dac3ba5d
- Microsoft Outlook 2010 Service Pack 2 (64-bit editions) (KB4461623):
https://www.microsoft.com/downloads/details.aspx?familyid=cf0bb670-764f-43d9-82fc-1061860486ec
- Microsoft Office 2016 (64-bit edition) (KB4461535):
https://www.microsoft.com/downloads/details.aspx?familyid=6f7165ba-a2bc-407f-9dfc-f39db6ab10af
- Microsoft Office 2016 (32-bit edition) (KB4461535):
https://www.microsoft.com/downloads/details.aspx?familyid=700506c5-7b20-44b8-9a5d-e29f037b7117
- Microsoft Office 2013 Service Pack 1 (64-bit editions) (KB4461537):
https://www.microsoft.com/downloads/details.aspx?familyid=5a2232ff-eb3b-4515-8367-c274f4f572c3
- Microsoft Office 2013 Service Pack 1 (32-bit editions) (KB4461537):
https://www.microsoft.com/downloads/details.aspx?familyid=6f910d98-4bd9-4557-90d7-bdf56b59a465
- Microsoft Office 2010 Service Pack 2 (64-bit editions) (KB4461614):
https://www.microsoft.com/downloads/details.aspx?familyid=f82f195b-1ec3-4582-b255-ec31285b3573
- Microsoft Office 2010 Service Pack 2 (32-bit editions) (KB4461614):
https://www.microsoft.com/downloads/details.aspx?familyid=b29b8d28-84ac-406b-abc8-3327442db615
- Microsoft Office 2013 RT Service Pack 1 (KB4461537):
Apply update (please see the vendor’s service database for details).
- Microsoft Office 2016 for Mac:
https://go.microsoft.com/fwlink/p/?linkid=831049
- Microsoft Office 2019 for Mac:
https://go.microsoft.com/fwlink/p/?linkid=831049