Microsoft Office Unsupported Channel Version Detection

critical Nessus Plugin ID 97085

Synopsis

The remote host contains an unsupported Channel version of Microsoft Office.

Description

According to its Channel version, the installation of Microsoft Office and Microsoft Office Retail on the remote Windows host is no longer supported. Refer to links in See Also for details on currently supported versions for each Channel.

- Current Channel : Updated once a month, on the second Tuesday of the month.
Any given version of Current Channel is supported only until the next version of Current Channel is released, which is usually every month.

- Monthly Enterprise Channel : Any given version of Monthly Enterprise Channel is supported for two months. At any given time, there are always two versions of Monthly Enterprise Channel that are supported.

- Semi-Annual Enterprise Channel (Preview) : Released with new features twice a year, on the second Tuesday in March and September (four months before those same new features are released in Semi-Annual Enterprise Channel).

- Semi-Annual Enterprise Channel : Any given version of Semi-Annual Enterprise Channel is supported for fourteen months. This means that the new version of Semi-Annual Enterprise Channel that is released in January is supported until March of the following year, and the July release is supported until September of the following year. At any given time, there are always two supported versions, except during the first two months of the year, when there will be 3 supported versions.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

Solution

Upgrade to a Channel version of Microsoft Office that is currently supported.

See Also

http://www.nessus.org/u?b09fa171

http://www.nessus.org/u?cebfe0cb

Plugin Details

Severity: Critical

ID: 97085

File Name: microsoft_office_channel_unsupported.nasl

Version: 1.13

Type: local

Agent: windows

Family: Windows

Published: 2/9/2017

Updated: 9/25/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: The product is no longer supported by vendor

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:microsoft:office

Required KB Items: SMB/Registry/Enumerated, SMB/Office/365

Reference Information

IAVA: 0001-A-0503