Detections
Analytics

Security Updates for Microsoft Office Products (April 2021)

high Nessus Plugin ID 148474

Language:

Synopsis

The Microsoft Office Products are affected by multiple vulnerabilities.

Description

The Microsoft office Product is missing security updates. It is, therefore, affected by multiple vulnerabilities:

 - Microsoft Office Remote Code Execution Vulnerability (CVE-2021-28449)

 - Microsoft Word Remote Code Execution Vulnerability (CVE-2021-28453)

 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2021-28454)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Microsoft has released the following security updates to address this issue:
-KB2553491
 -KB2589361
 -KB3178639
 -KB3178643
 -KB4504738
 -KB4504722
 -KB4504726
 -KB4504724
 -KB4504739
 -KB4504727

See Also

https://support.microsoft.com/en-us/help/2553491

https://support.microsoft.com/en-us/help/2589361

https://support.microsoft.com/en-us/help/3178639

https://support.microsoft.com/en-us/help/3178643

https://support.microsoft.com/en-us/help/4493215

https://support.microsoft.com/en-us/help/4504738

https://support.microsoft.com/en-us/help/4504722

https://support.microsoft.com/en-us/help/4504726

https://support.microsoft.com/en-us/help/4504724

https://support.microsoft.com/en-us/help/4504739

https://support.microsoft.com/en-us/help/4504727

Plugin Details

Severity: High

ID: 148474

File Name: smb_nt_ms21_apr_office.nasl

Version: 1.7

Type: local

Agent: windows

Published: 4/13/2021

Updated: 1/4/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-28454

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:office

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 4/13/2021

Vulnerability Publication Date: 4/13/2021

Reference Information

CVE: CVE-2021-28449, CVE-2021-28453, CVE-2021-28454

IAVA: 2021-A-0174-S

MSFT: MS21-2553491, MS21-2589361, MS21-3178639, MS21-3178643, MS21-4493215, MS21-4504722, MS21-4504724, MS21-4504726, MS21-4504727, MS21-4504738, MS21-4504739

MSKB: 2553491, 2589361, 3178639, 3178643, 4493215, 4504722, 4504724, 4504726, 4504727, 4504738, 4504739