Office January Security Updates Fix Remote Code Execution Bugs

Microsoft addresses important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates released during this month’s Patch Tuesday.

In total, this month the company released 26 security updates and 5 cumulative updates for 7 different products, fixing 11 vulnerabilities that could allow attackers to escalate privileges or execute arbitrary code remotely on systems running vulnerable software.

separate crash problem affecting the Microsoft 365 Apps version of Excel when using certain Windows Security exploit protection settings was also fixed this week.

Microsoft also released non-security Microsoft Office updates last week addressing recurrent Outlook crashes and other issues impacting Windows Installer (MSI) editions of Office 2016 products.

The company also issued the January 2021 Patch Tuesday, with patches for a Microsoft Defender antivirus zero-day exploited in the wild and 83 additional security vulnerabilities, ten of them rated as critical.

Non-security Windows updates were also released on Tuesday with the Windows 10 KB4598229 and KB4598242 cumulative updates.

Also Read: How Formidable is Singapore Cybersecurity Masterplan 2020?

List of patched Office security vulnerabilities

Office security updates published as part of the January 2021 Patch Tuesday address bugs exposing Windows systems running vulnerable Click to Run and Microsoft Installer (.msi)-based editions of Microsoft Office products to remote code execution (RCE) attacks.

Microsoft rated the six RCE bugs patched this month as Important severity issues since they could enable attackers to execute arbitrary code in the context of the currently logged-in user.

After successful exploitation, the attackers could install malicious programs, view, change, and delete data, as well as create their own admin accounts on compromised Windows devices.

TagCVE IDCVE TitleSeverity
Microsoft OfficeCVE-2021-1713Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-1714Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-1711Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-1715Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-1716Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1712Microsoft SharePoint Elevation of Privilege VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1707Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1718Microsoft SharePoint Server Tampering VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1717Microsoft SharePoint Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1719Microsoft SharePoint Elevation of Privilege VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1641Microsoft SharePoint Spoofing VulnerabilityImportant

January 2021 Microsoft Office security updates

Microsoft Office security updates are delivered through the Microsoft Update platform and via the Download Center.

Further information about each of them is available within the knowledge base articles linked below.

To download the January 2021 Microsoft Office security updates, you have to click on the corresponding knowledge base article below and then scroll down to the ‘How to download and install the update‘ section.

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?

Microsoft Office 2016

ProductKnowledge Base article title and number
Excel 2016Security update for Excel 2016 (KB4493165)
Office 2016Security update for Office 2016 (KB4493168)
Office 2016Security update for Office 2016 (KB4486755)
Word 2016Security update for Word 2016 (KB4493156)


Microsoft Office 2013

ProductKnowledge Base article title and number
Excel 2013Security update for Excel 2013 (KB4493176)
Office 2013Security update for Office 2013 (KB4486762)
Office 2013Security update for Office 2013 (KB4486759)
Word 2013Security update for Word 2013 (KB4486764)


Microsoft Office 2010

ProductKnowledge Base article title and number
Excel 2010Security update for Excel 2010 (KB4493186)
Office 2010Security update for Office 2010 (KB4493143)
Office 2010Security update for Office 2010 (KB4493142)
Office 2010Security update for Office 2010 (KB4493181)
Word 2010Security update for Word 2010 (KB4493145)


Microsoft SharePoint Server 2019

ProductKnowledge Base article title and number
Office Online ServerSecurity update for Office Online Server (KB4493160)
SharePoint Server 2019Security update for SharePoint Server 2019 (KB4493162)
SharePoint Server 2019 Language PackSecurity update for SharePoint Server 2019 Language Pack (KB4493161)


Microsoft SharePoint Server 2016

ProductKnowledge Base article title and number
SharePoint Enterprise Server 2016Security update for SharePoint Enterprise Server 2016 (KB4493163)
SharePoint Enterprise Server 2016Security update for SharePoint Enterprise Server 2016 (KB4493167)


Microsoft SharePoint Server 2013

ProductKnowledge Base article title and number
Office Web Apps Server 2013Security update for Office Web Apps Server 2013 (KB4493171)
Project Server 2013Cumulative update for Project Server 2013 (KB4493173)
SharePoint Enterprise Server 2013Security update for SharePoint Enterprise Server 2013 (KB4486724)
SharePoint Enterprise Server 2013Security update for SharePoint Enterprise Server 2013 (KB4486683)
SharePoint Enterprise Server 2013Cumulative update for SharePoint Enterprise Server 2013 (KB4493150)
SharePoint Foundation 2013Security update for SharePoint Foundation 2013 (KB4493175)
SharePoint Foundation 2013Cumulative update for SharePoint Foundation 2013 (KB4493172)


Microsoft SharePoint Server 2010

ProductKnowledge Base article title and number
Project Server 2010Cumulative update for Project Server 2010 (KB4493182)
SharePoint Foundation 2010Security update for SharePoint Foundation 2010 (KB4493187)
SharePoint Server 2010Security update for SharePoint Server 2010 (KB4493178)
SharePoint Server 2010Security update for SharePoint Server 2010 (KB4486736)
SharePoint Server 2010Cumulative update for SharePoint Server 2010 (KB4493184)
SharePoint Server 2010 Office Web AppsSecurity update for SharePoint Server 2010 Office Web Apps (KB4493183)

Privacy Ninja provides GUARANTEED quality and results for the following services: 
DPO-As-A-Service (Outsourced DPO Subscription)
PDPA Compliance Training
P
DPA Compliance Audit
Dig
ital Transformation Consultancy
Data Protection Trustmarks Certification Readiness Consultancy

PDPA Data Protection Software
Vulnerability Assessment & Penetration Testing (VAPT)
Smart Contract Audit

Like & Subscribe:
Facebook
LinkedIn
Twitter
YouTube
Podcast

Categories: Microsoft

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *