Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2021.0047 Microsoft Patch Tuesday update for Microsoft Office, Microsoft Office Services and Web Apps for February 2021 10 February 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft 365 Apps for Enterprise Microsoft Excel Microsoft Lync Server Microsoft Office Microsoft Office Web Apps Server Microsoft Sharepoint Microsoft Teams Office Online Server Skype for Business Operating System: Windows Mac OS Apple iOS Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Existing Account Provide Misleading Information -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2021-24114 CVE-2021-24099 CVE-2021-24073 CVE-2021-24072 CVE-2021-24071 CVE-2021-24070 CVE-2021-24069 CVE-2021-24068 CVE-2021-24067 CVE-2021-24066 CVE-2021-1726 OVERVIEW Microsoft has released its monthly security patch update for the month of February 2021. This update resolves 11 vulnerabilities across the following products: [1] Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Lync Server 2013 Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft Office Online Server Microsoft Office Web Apps Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2010 Service Pack 2 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019 Microsoft Teams for iOS Office Online Server Skype for Business Server 2015 CU 8 Skype for Business Server 2019 CU2 IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2021-1726 Spoofing Important CVE-2021-24066 Remote Code Execution Important CVE-2021-24067 Remote Code Execution Important CVE-2021-24068 Remote Code Execution Important CVE-2021-24069 Remote Code Execution Important CVE-2021-24070 Remote Code Execution Important CVE-2021-24071 Information Disclosure Important CVE-2021-24072 Remote Code Execution Important CVE-2021-24073 Spoofing Important CVE-2021-24099 Denial of Service Important CVE-2021-24114 Information Disclosure Important MITIGATION Microsoft recommends updating the software to the latest available version available on the Microsoft Update Catalog. [1]. REFERENCES [1] Microsoft Security Update Guidance https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYCNjWuNLKJtyKPYoAQgi2xAAnANkfU1r32SLTKaziB+SVdKVaKbbiG8q bjRKdtAO12Hy0j9qiC1xrwMvwT1Kvg8HqzcbvPs2Wgr60M8sDe2WSnmtKRRE9P6N tb+he37naNc1jBNIzPktyaNV1EVw0BTQtGSHsMpHmwq5iFOBNM6kP2VyrtiaB3a4 022y52aPWE6JOo4OxLmRsIQJE2iAAODmrsPkk16AhZI/lXkWrQLUoghj5F1lNoUA JpSmqXkGSHUsfd74grDUWttI/fRc4iAzoxy8t3FWeYB30oWxqRpYndtRlqbzbb17 2RcCzR8dYFuYXWwET5NmR9G7MJS97ET/x09ejmXfRcspvGKcH7Y2ta7MaJu/GtOP TRUulUwn8MNS6PNbdzM1332lMMATmA4jwrAH2zx7hyCFvBDXRsOhfHHdCTDABRcT wCTxBrxufUmdTqNrmnXZ3eeUMvty7ND1LnuEvXpbARjgiP0xJX7ofjCBec3d5d8e 41w5HW5vpxB0h4vePTZVug7UnfnKk/YYjiP3Xg92UW0Ud264MSpYrfKt5P6MufZh jZ8wVlL5BYonNi6BK0h8hfxi9K7DAYMvuoM4YHHjDTq/IRJFEn/5+5VVsL6qrhsG n+OS2Az3U8D8jVimw3m6WvOoTACaU8euWpujG8viFEM2t+2OSzYRnVfCk++Nuzxd laCcegoUc2U= =iwAt -----END PGP SIGNATURE-----