Friday, 11 August 2023

Microsoft Office Defense in Depth Update

Date: 08-Aug-23
Severity: Medium

Affected Software

  • Microsoft Word 2013 Service Pack 1 (64-bit editions)
  • Microsoft Word 2013 Service Pack 1 (32-bit editions)
  • Microsoft Word 2013 RT Service Pack 1
  • Microsoft Publisher 2013 Service Pack 1 (64-bit editions)
  • Microsoft Publisher 2013 Service Pack 1 (32-bit editions)
  • Microsoft Office 2013 Service Pack 1 (64-bit editions)
  • Microsoft Office 2013 Service Pack 1 (32-bit editions)
  • Microsoft Office 2013 RT Service Pack 1
  • Microsoft Excel 2013 Service Pack 1 (64-bit editions)
  • Microsoft Excel 2013 Service Pack 1 (32-bit editions)
  • Microsoft Excel 2013 RT Service Pack 1
  • Microsoft Project 2016 (64-bit edition)
  • Microsoft Project 2016 (32-bit edition)
  • Microsoft Publisher 2016 (64-bit edition)
  • Microsoft Publisher 2016 (32-bit edition)
  • Microsoft Word 2016 (64-bit edition)
  • Microsoft Word 2016 (32-bit edition)
  • Microsoft Visio 2016 (64-bit edition)
  • Microsoft Visio 2016 (32-bit edition)
  • Microsoft PowerPoint 2016 (64-bit edition)
  • Microsoft PowerPoint 2016 (32-bit edition)
  • Microsoft Office 2016 (64-bit edition)
  • Microsoft Office 2016 (32-bit edition)
  • Microsoft Excel 2016 (64-bit edition)
  • Microsoft Excel 2016 (32-bit edition)
  • Microsoft Visio 2013 Service Pack 1 (64-bit editions)
  • Microsoft Visio 2013 Service Pack 1 (32-bit editions)
  • Microsoft PowerPoint 2013 RT Service Pack 1
  • Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions)
  • Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions)
  • Microsoft Office LTSC 2021 for 32-bit editions
  • Microsoft Office LTSC 2021 for 64-bit editions
  • Microsoft 365 Apps for Enterprise for 64-bit Systems
  • Microsoft 365 Apps for Enterprise for 32-bit Systems
  • Microsoft Publisher 2013 Service Pack 1 RT
  • Microsoft Office 2019 for 64-bit editions
  • Microsoft Office 2019 for 32-bit editions
  • Microsoft Project 2013 Service Pack 1 (64-bit editions)
  • Microsoft Project 2013 Service Pack 1 (32-bit editions)


Description

CVE-2023-36873 - .NET Framework Spoofing Vulnerability: A vulnerability in which an unauthenticated remote attacker can sign ClickOnce deployments without a valid code signing certificate.
CVE-2023-36899 - .NET Framework Remote Code Execution Vulnerability: A vulnerability in applications on IIS using their parent application’s Application Pool, which can lead to privilege escalation or other security bypasses.

Solutions
Original Advisory
https://support.microsoft.com/en-us/topic/august-8-2023-security-and-quality-rollup-for-net-framework-2-0-3-0-4-6-2-for-windows-server-2008-sp2-kb5029654-5574aadb-26e5-4b11-84d1-c6c4c02ce0f3
 
Microsoft:
https://support.microsoft.com/en-us/topic/august-8-2023-security-and-quality-rollup-for-net-framework-2-0-3-0-4-6-2-for-windows-server-2008-sp2-kb5029654-5574aadb-26e5-4b11-84d1-c6c4c02ce0f3


NOTE: The information is provided on an “as is” basis, without assurance of any kind.