Description
Microsoft Office Remote Code Execution Vulnerability
FAQ
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
Why am I receiving notifications during file load?
Some Office files, templates, or add-ins (even ones originally obtained from Microsoft) may display a notification message. Macros, or add-ins, in those files have been disabled. Please see Side effects after you apply April 2021 security updates for Office for more information.
I'm running Office 2010 or Office 2013. Why are my add-ins such as Solver and Analysis ToolPak appearing in a different language after installing this update?
This behavior is expected after installing these updates. Please see Side effects after you apply April 2021 security updates for Office to learn the steps in order to display the desired language.
I'm running Office 2007. How do I protect myself?
Microsoft Office 2007 reached end of support on October 10, 2017. To stay supported, you will need to upgrade to a supported version of Office. If upgrading is not feasible, applying the following mitigations can help protect your system; however, they will disable multiple features in Microsoft Office. To mitigate the vulnerability, all of the following modifications must be made:
- Remove all Trusted Publishers: see Plan security settings for ActiveX controls, add-ins, and macros in the 2007 Office system for more information.
- Disable VBA for Office: see How to turn off Visual Basic for Applications when you deploy Office.
In addition, for each Microsoft Office 2007 Application, disable the following:
- Disable all macros without notification: see the Disable untrusted macros without notification section of Plan security settings for ActiveX controls, add-ins, and macros in the 2007 Office system
- Disable Trusted Locations: see Plan trusted locations and trusted publishers settings for the 2007 Office system
- Disable all Application Add-ins: see the Disable add-ins on a per-application basis section of Plan security settings for ActiveX controls, add-ins, and macros in the 2007 Office system
Updates
| Product | Article | Update |
|---|---|---|
| Microsoft Excel 2010 Service Pack 2 (32-bit editions) | | |
| Microsoft Excel 2010 Service Pack 2 (64-bit editions) | | |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | | |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | | |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | | |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | | |
| Microsoft Office 2013 RT Service Pack 1 | - | |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | | |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | | |
| Microsoft Excel 2013 RT Service Pack 1 | - | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
CVSS3: 7.8 High
Related vulnerabilities
Microsoft Office Remote Code Execution Vulnerability
A vulnerability in the Microsoft Office, Microsoft Excel, and Microsoft Office Web Apps Server software packages, related to improper control of code generation, that allows an attacker to execute arbitrary code
EPSS
CVSS3: 7.8 High