Microsoft Office has been found to contain multiple vulnerabilities, according to a security bulletin released on September 12, 2023. These vulnerabilities have the potential to be exploited by attackers for bypassing security features, identity theft, remote arbitrary code execution, data confidentiality breaches, and privilege escalation.
The affected systems include various versions of Microsoft 365 Apps for Enterprise, Microsoft Excel, Microsoft Office 2013, Microsoft Office 2016, Microsoft Office 2019 for Mac, Microsoft Office LTSC 2021, Microsoft Office Online Server, Microsoft Outlook, and Microsoft Word.
One of the identified vulnerabilities, CVE-2023-36761, has already been exploited by attackers.
Summary of Vulnerabilities:
- CVE-2023-36761: Exploitation of this vulnerability can lead to a security feature bypass.
- CVE-2023-36766: It allows for identity theft.
- CVE-2023-36762: This vulnerability enables remote arbitrary code execution.
- CVE-2023-36763: It can lead to a breach of data confidentiality.
- CVE-2023-36765: This vulnerability allows attackers to bypass security features.
- CVE-2023-36767: It can result in remote arbitrary code execution.
- CVE-2023-41764: Exploitation of this vulnerability can lead to a security feature bypass.
Recommended Actions:
Users are advised to refer to the security bulletin issued by Microsoft to obtain the necessary patches and updates for these vulnerabilities. More information can be found in the Microsoft Security Bulletin of September 12, 2023.