Secplicity - Security Simplified

Powered by WatchGuard Technologies

Microsoft Office Security Bulletins Affect Excel and SharePoint

By

Summary:

  • These vulnerabilities affect: All current versions of Microsoft Office (for Windows and Mac) and Office SharePoint Server
  • How an attacker exploits them: Multiple vectors of attack, including enticing your users into opening malicious Office documents
  • Impact: Various results; in the worst case, an attacker can gain complete control of your Windows computer
  • What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you.

Exposure:

Today, Microsoft released three security bulletins describing 18 vulnerabilities that affect Microsoft Office, its various components, and other Office Suite related packages, such as SharePoint Server. Each vulnerability affects Office components to varying degrees. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity.

  • MS10-036: Office COM Validation Code Execution Vulnerability

Microsoft COM (Component Object Model) is a Windows technology that allows software components, such as the various Office packages, to communicate with one another. In their bulletin, Microsoft warns that Office doesn’t properly validate COM objects instantiated in its various applications (Excel, Word, PowerPoint, etc.). By enticing one of your users into downloading and opening a maliciously crafted Office document, an attacker can exploit this vulnerability to execute code on a victim’s computer, inheriting that user’s level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user’s machine. The attacker can trigger this flaw with any Office document.
Microsoft rating: Important.

  • MS10-038: Multiple Excel Code Execution Vulnerabilities.

Office’s spreadsheet application, Excel, suffers from 14 security vulnerabilities. Though the vulnerabilities differ technically, most of them share the same basic scope and impact. By enticing one of your users into downloading and opening a maliciously crafted Excel document, an attacker can exploit any of these vulnerabilities to execute code on a victim’s computer, inheriting that user’s level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user’s machine. Although this type of attack requires some user interaction (which is why Microsoft only rates it as Important), we suspect that your users interact with Office documents quite regularly. An attacker could easily convince many users to open a malicious Excel document, so we recommend you apply this Excel update immediately. These flaws also affect the Mac versions of Office.
Microsoft rating: Important.

  • MS10-039: SharePoint Elevation of Privilege and Information Disclosure Vulnerabilities.

SharePoint and InfoPath, two Microsoft Office related products, suffer from three security vulnerabilities. The worst are two Cross-Site Scripting vulnerabilities (XSS) that could allow an attacker to elevate his privileges to that of a logged in user. Of course, the attacker would first have to entice a logged in user to clicking a specially crafted link. The remaining flaw is a Denial of Service (DoS) vulnerability associated with the Sharepoint online help page. By sending specially crafted requests to the Sharepoint help page, an attacker could cause your SharePoint server to stop responding until you restart.
Microsoft rating: Important.

Solution Path:

Microsoft has released patches that correct all of these Office related vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.

MS10-036:

Note: Due to architecture issues, Microsoft is unable to release a proper update for Office XP to fix this problem. However, they have released a “FixIt” workaround for Office XP users. The XP link below refers to that FixIt.

Other versions of Office not affected.

MS10-038:

Excel update for:

MS10-039:

For All WatchGuard Users:

While you can configure certain WatchGuard Firebox models to block Microsoft Office documents, most organizations need to allow them in order to conduct business. Furthermore, you’d have to block all types of Office documents in order to mitigate the risk posed by one of these vulnerabilities. Therefore, the patches above are your best recourse.

Nonetheless, if you want to block all Office documents, the links below contain video instructions showing how your Fireboxes proxy policies can block files by extension. Keep in mind, this technique also blocks legitimate documents as well.

Status:

Microsoft has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP.

Leave a Reply

Your email address will not be published. Required fields are marked *


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

View All

Archives