Rewterz Threat Advisory – Multiple Microsoft Office Vulnerabilities

June 15, 2022

Severity

Medium

Analysis Summary

CVE-2022-30159 CVSS:5.5

Microsoft Office could allow a remote attacker to obtain sensitive information. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-30171 CVSS:5.5

Microsoft Office could allow a remote authenticated attacker to obtain sensitive information. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-30172 CVSS:5.5

CVE-2022-30174 CVSS:7.4

Microsoft Office could allow a remote authenticated attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

Code Execution
Information Disclosure

Indicators Of Compromise

CVE

CVE-2022-30159
CVE-2022-30171
CVE-2022-30172
CVE-2022-30174

Affected Vendors

Microsoft

Affected Products

Microsoft 365 Apps for Enterprise x32
Microsoft 365 Apps for Enterprise x64
Microsoft Office LTSC 2021 x32
Microsoft Office LTSC 2021 x64
Microsoft Office Web Apps 2013 SP1
Microsoft Office Online Server
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Enterprise Server 2013 SP1
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Server Subscription Edition Language Pack

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2022-30159
CVE-2022-30171
CVE-2022-30172
CVE-2022-30174