Threat Alert

by IthacaLabs™

THREAT LEVEL/High 10/06/2021

New UAF Vulnerability Affecting Microsoft Office to be Patched Today

Threat Level Description

Threat Level: High – An attack is highly likely. Additional and sustainable protective security measures are required, reflecting the broad nature of the threat combined with specific business and geographical vulnerabilities and judgments on acceptable risk.

Description

Four security vulnerabilities affecting the Microsoft Office suite, including Excel and Office Online, have been identified.

The vulnerabilities could potentially be abused by bad actors to deliver malware via Word and Excel documents.

In an attack scenario, exploitation could be triggered simply by opening a malicious Excel (.XLS) file that is served via a download link or an email through social engineering.

Furthermore, the four new vulnerabilities could affect almost the entire Microsoft Office ecosystem, since the entire Office suite has the ability to embed objects, which broadens the attack vector.

The four vulnerabilities are listed below:

• CVE-2021-31179 – Microsoft Office Remote Code Execution Vulnerability
• CVE-2021-31174 – Microsoft Excel Information Disclosure Vulnerability
• CVE-2021-31178 – Microsoft Office Information Disclosure Vulnerability
• CVE-2021-31939 – Microsoft Excel Remote Code Execution Vulnerability

CVE(s)

CVE-2021-31179

BASE SCORE: 6.8 Medium

VECTOR: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Microsoft Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31175, CVE-2021-31176, CVE-2021-31177.

CVE-2021-31174

BASE SCORE: 2.1 Low

VECTOR: (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Microsoft Excel Information Disclosure Vulnerability

CVE-2021-31178

BASE SCORE: 4.3 Medium

VECTOR: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Microsoft Office Information Disclosure Vulnerability

CVE-2021-31939

BASE SCORE: 6.8 Medium

VECTOR: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Microsoft Excel Remote Code Execution Vulnerability

Affected Systems

  • Microsoft Office Suite

Recommendation(s)

You should apply the patches as soon as possible to mitigate the risk and avoid attacks that could exploit the aforementioned weaknesses.

You should understand the importance of security updates, and the urgency with which they should be applied, no matter how large or small your organization is. It is very important to apply an efficient patch management solution, to always have active security event logging enabled, and to practice event monitoring. Protecting the valuable assets of your business and complying with the relevant industry regulations requires a comprehensive approach to the management of risk, including Penetration Testing at least annually and upon significant changes.

Additionally, you should consider increasing the security awareness of your employees through a Security Awareness program designed to increase the level of understanding regarding Social Engineering and security threats in general.
