
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Microsoft Office Security Bulletins Affect Excel and SharePoint

June 8, 2010 By The Editor

Summary:

  • These vulnerabilities affect: All current versions of Microsoft Office (for Windows and Mac) and Office SharePoint Server
  • How an attacker exploits them: Multiple vectors of attack, including enticing your users into opening malicious Office documents
  • Impact: Various results; in the worst case, an attacker can gain complete control of your Windows computer
  • What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you.

Exposure:

Today, Microsoft released three security bulletins describing 18 vulnerabilities that affect Microsoft Office, its various components, and other Office Suite related packages, such as SharePoint Server. Each vulnerability affects Office components to varying degrees. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity.

  • MS10-036: Office COM Validation Code Execution Vulnerability

Microsoft COM (Component Object Model) is a Windows technology that allows software components, such as the various Office packages, to communicate with one another. In their bulletin, Microsoft warns that Office doesn’t properly validate COM objects instantiated in its various applications (Excel, Word, PowerPoint, etc.). By enticing one of your users into downloading and opening a maliciously crafted Office document, an attacker can exploit this vulnerability to execute code on a victim’s computer, inheriting that user’s level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user’s machine. The attacker can trigger this flaw with any Office document.
Microsoft rating: Important.

  • MS10-038: Multiple Excel Code Execution Vulnerabilities.

Office’s spreadsheet application, Excel, suffers from 14 security vulnerabilities. Though the vulnerabilities differ technically, most of them share the same basic scope and impact. By enticing one of your users into downloading and opening a maliciously crafted Excel document, an attacker can exploit any of these vulnerabilities to execute code on a victim’s computer, inheriting that user’s level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user’s machine. Although this type of attack requires some user interaction (which is why Microsoft only rates it as Important), we suspect that your users interact with Office documents quite regularly. An attacker could easily convince many users to open a malicious Excel document, so we recommend you apply this Excel update immediately. These flaws also affect the Mac versions of Office.
Microsoft rating: Important.

  • MS10-039: SharePoint Elevation of Privilege and Information Disclosure Vulnerabilities.

SharePoint and InfoPath, two Microsoft Office related products, suffer from three security vulnerabilities. The worst are two Cross-Site Scripting (XSS) vulnerabilities that could allow an attacker to elevate his privileges to those of a logged-in user. Of course, the attacker would first have to entice a logged-in user into clicking a specially crafted link. The remaining flaw is a Denial of Service (DoS) vulnerability associated with the SharePoint online help page. By sending specially crafted requests to the SharePoint help page, an attacker could cause your SharePoint server to stop responding until you restart it.
Microsoft rating: Important.

Solution Path:

Microsoft has released patches that correct all of these Office related vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.

MS10-036:

Note: Due to architecture issues, Microsoft is unable to release a proper update for Office XP to fix this problem. However, they have released a “FixIt” workaround for Office XP users. The XP link below refers to that FixIt.

  • Office XP
    • FixIt solution
  • Office 2003
    • Update for Excel
    • Update for Word
    • Update for PowerPoint
    • Update for Publisher
    • Update for Visio
  • 2007 Microsoft Office System
    • Update for Excel
    • Update for Word
    • Update for PowerPoint
    • Update for Publisher
    • Update for Visio

Other versions of Office are not affected.

MS10-038:

Excel update for:

  • Office XP
  • Office 2003
  • 2007 Microsoft Office System
  • Office Excel Viewer
  • Office 2004 for Mac
  • Office 2008 for Mac
  • Open XML File Format Converter for Mac
  • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

MS10-039:

  • Microsoft Office InfoPath 2003
  • Microsoft Office InfoPath 2007
  • Microsoft Office SharePoint Server 2007
  • Microsoft Office SharePoint Server 2007 64-bit
  • Microsoft Windows SharePoint Services 3.0
  • Microsoft Windows SharePoint Services 3.0 64-bit

For All WatchGuard Users:

While you can configure certain WatchGuard Firebox models to block Microsoft Office documents, most organizations need to allow them in order to conduct business. Furthermore, you’d have to block all types of Office documents in order to mitigate the risk posed by one of these vulnerabilities. Therefore, the patches above are your best recourse.

Nonetheless, if you want to block all Office documents, the links below contain video instructions showing how your Firebox's proxy policies can block files by extension. Keep in mind that this technique blocks legitimate documents as well.

  • Firebox X Edge running 10.x
    • How do I block files with the FTP proxy?
    • How do I block files with the HTTP proxy?
    • How do I block files with the POP3 proxy?
    • How do I block files with the SMTP proxy?
  • Firebox X Core and X Peak running Fireware 10.x or Fireware XTM
    • How do I block files with the FTP proxy?
    • How do I block files with the HTTP proxy?
    • How do I block files with the POP3 proxy?
    • How do I block files with the SMTP proxy?
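To illustrate the extension-based blocking described above, here is an added example (not WatchGuard's code, and not tied to any Firebox feature) of the decision logic a hypothetical proxy hook could apply to a file name and its first bytes. It goes beyond the page's extension-only technique by also recognizing the two Office container formats by content, which catches a document that has been renamed to slip past an extension filter; the extension list and sample files are constructed for the example.

```python
import io
import os
import zipfile

# Constructed list of extensions an extension-based policy would block.
OFFICE_EXTENSIONS = {".doc", ".xls", ".ppt", ".docx", ".xlsx", ".pptx",
                     ".docm", ".xlsm", ".pptm"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary Office (OLE2) container
ZIP_MAGIC = b"PK\x03\x04"                         # Office Open XML is a ZIP package


def is_office_by_extension(filename):
    """Extension check: what the proxy's block-by-extension rule does."""
    return os.path.splitext(filename)[1].lower() in OFFICE_EXTENSIONS


def is_office_by_content(data):
    """Content check: OLE2 header, or a ZIP whose package manifest marks it as OOXML."""
    if data.startswith(OLE_MAGIC):
        return True
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as package:
                return "[Content_Types].xml" in package.namelist()
        except zipfile.BadZipFile:
            return False
    return False


def proxy_decision(filename, data):
    """Return ('deny'|'allow', reason) for a file crossing the proxy (hypothetical hook)."""
    if is_office_by_extension(filename):
        return ("deny", "extension")
    if is_office_by_content(data):
        return ("deny", "content")
    return ("allow", "")


def make_sample_ooxml():
    """Build a minimal constructed OOXML-style package in memory for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr("[Content_Types].xml", "<Types/>")
        package.writestr("xl/workbook.xml", "<workbook/>")
    return buf.getvalue()


if __name__ == "__main__":
    print(proxy_decision("quarter.xls", OLE_MAGIC + b"\x00" * 8))    # denied by extension
    print(proxy_decision("quarter.dat", OLE_MAGIC + b"\x00" * 8))    # denied by content
    print(proxy_decision("report.bin", make_sample_ooxml()))          # denied by content
    print(proxy_decision("notes.txt", b"plain text"))                 # allowed
```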

Status:

Microsoft has released patches correcting these issues.

References:

  • Microsoft Security Bulletin MS10-036
  • Microsoft Security Bulletin MS10-038
  • Microsoft Security Bulletin MS10-039

This alert was researched and written by Corey Nachreiner, CISSP.
