Detections
Analytics
Security Updates for Microsoft Office Products (February 2024)
critical Nessus Plugin ID 190483
Language:
Synopsis
The Microsoft Office Products are affected by multiple remote code execution vulnerabilities.Description
The Microsoft Office Products are missing security updates. They are, therefore, affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary commands.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Microsoft has released the following security updates to address this issue:-KB5002467
-KB5002469
-KB5002519
-KB5002522
-KB5002537
See Also
https://support.microsoft.com/en-us/help/5002467
https://support.microsoft.com/en-us/help/5002469
https://support.microsoft.com/en-us/help/5002519
Plugin Details
Severity: Critical
ID: 190483
File Name: smb_nt_ms24_feb_office.nasl
Version: 1.6
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 2/13/2024
Updated: 4/11/2024
Supported Sensors: Frictionless Assessment Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2024-21413
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:microsoft:office
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/13/2024
Vulnerability Publication Date: 2/13/2024
Exploitable With
Core Impact
Reference Information
CVE: CVE-2024-20673, CVE-2024-21413