===========================================================================
AUSCERT Security Bulletin

ASB-2022.0050
Microsoft Patch Tuesday update for Microsoft Office and Office Services
and Web Apps for February 2022
9 February 2022
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Microsoft 365 Apps for Enterprise
                   Microsoft Excel
                   Microsoft Office
                   Microsoft Office Online Server
                   Microsoft Office Web Apps Server
                   Microsoft SharePoint Enterprise Server
                   Microsoft SharePoint Foundation
                   Microsoft SharePoint Server
                   Microsoft SharePoint Server Subscription Edition
                   Microsoft Teams
                   OneDrive for Android
Operating System:  Windows
                   macOS
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-23280 CVE-2022-23255 CVE-2022-23252
                   CVE-2022-22716 CVE-2022-22005 CVE-2022-22004
                   CVE-2022-22003 CVE-2022-21988 CVE-2022-21987
                   CVE-2022-21968 CVE-2022-21965
Comment:           CVSS (Max): 8.8 CVE-2022-22005 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
                   CVSS Source: Microsoft

OVERVIEW

Microsoft has released its monthly security patch update for the month
of February 2022.

This update resolves 11 vulnerabilities across the following products: [1]

 Microsoft 365 Apps for Enterprise for 32-bit Systems
 Microsoft 365 Apps for Enterprise for 64-bit Systems
 Microsoft Excel 2013 RT Service Pack 1
 Microsoft Excel 2013 Service Pack 1 (32-bit editions)
 Microsoft Excel 2013 Service Pack 1 (64-bit editions)
 Microsoft Excel 2016 (32-bit edition)
 Microsoft Excel 2016 (64-bit edition)
 Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions
 Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions
 Microsoft Office 2013 RT Service Pack 1
 Microsoft Office 2013 Service Pack 1 (32-bit editions)
 Microsoft Office 2013 Service Pack 1 (64-bit editions)
 Microsoft Office 2016 (32-bit edition)
 Microsoft Office 2016 (64-bit edition)
 Microsoft Office 2019 for 32-bit editions
 Microsoft Office 2019 for 64-bit editions
 Microsoft Office 2019 for Mac
 Microsoft Office LTSC 2021 for 32-bit editions
 Microsoft Office LTSC 2021 for 64-bit editions
 Microsoft Office LTSC for Mac 2021
 Microsoft Office Online Server
 Microsoft Office Web Apps Server 2013 Service Pack 1
 Microsoft Outlook 2016 for Mac
 Microsoft SharePoint Enterprise Server 2013 Service Pack 1
 Microsoft SharePoint Enterprise Server 2016
 Microsoft SharePoint Foundation 2013 Service Pack 1
 Microsoft SharePoint Server 2019
 Microsoft SharePoint Server Subscription Edition
 Microsoft Teams Admin Center
 Microsoft Teams for Android
 Microsoft Teams for iOS
 OneDrive for Android

IMPACT

Microsoft has given the following details regarding these vulnerabilities.

 Details         Impact                   Severity
 CVE-2022-21965  Denial of Service        Important
 CVE-2022-21968  Security Feature Bypass  Important
 CVE-2022-21987  Spoofing                 Important
 CVE-2022-21988  Remote Code Execution    Important
 CVE-2022-22003  Remote Code Execution    Important
 CVE-2022-22004  Remote Code Execution    Important
 CVE-2022-22005  Remote Code Execution    Important
 CVE-2022-22716  Information Disclosure   Important
 CVE-2022-23252  Information Disclosure   Important
 CVE-2022-23255  Security Feature Bypass  Important
 CVE-2022-23280  Security Feature Bypass  Important

MITIGATION

Microsoft recommends updating the software with the version made
available on the Microsoft Update Catalogue for the following
Knowledge Base articles. [1]

 KB3118335, KB3172514, KB5002120, KB5002133, KB5002135
 KB5002136, KB5002137, KB5002140, KB5002145, KB5002146
 KB5002147, KB5002149, KB5002155, KB5002156

REFERENCES

[1] Microsoft Security Update Guidance
    https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================