{"id":2091,"date":"2021-06-09T19:10:54","date_gmt":"2021-06-09T13:40:54","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=2091"},"modified":"2021-06-09T19:10:56","modified_gmt":"2021-06-09T13:40:56","slug":"advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/","title":{"rendered":"Advance UAF Vulnerability Affecting Microsoft Office to Patched Today"},"content":{"rendered":"\n
Four security vulnerabilities found in the Microsoft Office suite, which includes Excel and office online, could be probably harmed by such bad attackers to transmit adversary code using Word and Excel documents.<\/p><\/p>\n\n\n\n
\u201cFixed from tradition code, the susceptibility could have permitted the threat attackers the ability to run the code on the pointing device through malicious Office documents, like Word, Excel and Outlook,\u201d the researchers said from the investigation reported today.<\/p><\/p>\n\n\n\n
In 2021 Patch Tuesday updates, Microsoft fixed three of four bugs \u2013 tracked as CVE-2021-31174, CVE-2021-31178, CVE-2021-31179, with the fourth bug (CVE-2021-31939) to be concerned in June\u2019s update rolling out later today.<\/p><\/p>\n\n\n\n
In a speculative attack scenario, the investigators mentioned by their researches that the susceptibility could be generated as easier as executing a malicious Excel (.XLS) file that\u2019s shared by a download link or an email. That\u2019s why it becomes easier for threat actors to execute such vulnerabilities.<\/p><\/p>\n\n\n\n
When we come out of interpreting mistakes made in traditional code in Excel 95 file formats, the susceptibility was detected by misrepresenting MSGraph (\u201cMSGraph.Chart.8\u201d), an approximately under-investigate component in Microsoft Office items that\u2019s at par to Microsoft Equation Editors in terms of the attack surface. Equation Editor a vanished feature in Word, has now become a part of the arsenal of some \u2013related threat attackers at least since late 2018.<\/p><\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\n
What are the Major Vulnerabilities?<\/strong><\/h2>\n\n\n\n
Researchers said from the investigations that, \u201cSince the entire Office apartment has the capability to add Excel objects, this increase the attack vector, making it conceivable to implement such attacks on almost Office Software, consist up of Word, Outlook and so on.\u201d<\/p><\/p>\n\n\n\n
All the four vulnerabilities are mentioned below:<\/p><\/p>\n\n\n\n
CVE-2021-31179 \u2013 Remote Code Execution Vulnerability of Microsoft Office.<\/li><\/ul>\n\n\n\n
CVE-2021-31174 \u2013 Information Disclosure Vulnerability of Microsoft Excel.<\/li><\/ul>\n\n\n\n
CVE-2021-31178 \u2013 Information Disclosure Chinese Vulnerability of Microsoft Office.<\/li><\/ul>\n\n\n\n
CVE-2021-31939 \u2013 Remote Code Execution Vulnerability of Microsoft Excel.<\/li><\/ul>\n\n\n\n
From all of the above mentioned vulnerabilities, Microsoft mentioned in its advisories for CVE-2021-31179 and CVE-2021-31939 that the utilization of the vulnerability needs that a victim launches a specially-crafted file, computing the adversary would have to manipulate users into clicking the given link that directly redirects the user to the malicious coded documents.<\/p><\/p>\n\n\n\n
Where the Vulnerability affects the most?<\/strong><\/h2>\n\n\n\n
<\/figure><\/div>\n\n\n\n
\u201cThe Susceptibility discovers affect almost on the overall Microsoft Office environment,\u201d concluded our researchers during an investigation. \u201cThere are several ways to execute such an attack on almost every Office Software, such as Word, Excel, Outlook, Access and others.<\/p><\/p>\n\n\n\n
One of the major detections from the research is that the tradition code consistent to be weak link in the protection chain, especially in complex structured application software like Microsoft Office.\u201d<\/p><\/p>\n\n\n\n
By concluding this, it is highly recommended for Windows users to administrate the patches as soon as possible to reduce the high chance of risk and avoid such attacks that could abuse the introductory weakness and secure your device with such vulnerabilities.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"
Four security vulnerabilities found in the Microsoft Office suite, which includes Excel and office online, could be probably harmed by such bad attackers to transmit adversary code using Word and Excel documents. \u201cFixed from tradition code, the susceptibility could have permitted the threat attackers the ability to run the code on the pointing device through […]<\/p>\n","protected":false},"author":2,"featured_media":2093,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"\n
Advance UAF Vulnerability Affecting Microsoft Office to Patched Today - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Advance UAF Vulnerability Affecting Microsoft Office to Patched Today - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"Four security vulnerabilities found in the Microsoft Office suite, which includes Excel and office online, could be probably harmed by such bad attackers to transmit adversary code using Word and Excel documents. \u201cFixed from tradition code, the susceptibility could have permitted the threat attackers the ability to run the code on the pointing device through […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-06-09T13:40:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-06-09T13:40:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/Advance-UAF-Vulnerability-Affecting-Microsoft-Office-to-Patched-Today-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Advance UAF Vulnerability Affecting Microsoft Office to Patched Today\",\"datePublished\":\"2021-06-09T13:40:54+00:00\",\"dateModified\":\"2021-06-09T13:40:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/\"},\"wordCount\":497,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/\",\"url\":\"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/\",\"name\":\"Advance UAF Vulnerability Affecting Microsoft Office to Patched Today - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-06-09T13:40:54+00:00\",\"dateModified\":\"2021-06-09T13:40:56+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Advance UAF Vulnerability Affecting Microsoft Office to Patched Today\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Advance UAF Vulnerability Affecting Microsoft Office to Patched Today - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/","og_locale":"en_US","og_type":"article","og_title":"Advance UAF Vulnerability Affecting Microsoft Office to Patched Today - Xiarch Solutions Private Limited","og_description":"Four security vulnerabilities found in the Microsoft Office suite, which includes Excel and office online, could be probably harmed by such bad attackers to transmit adversary code using Word and Excel documents. \u201cFixed from tradition code, the susceptibility could have permitted the threat attackers the ability to run the code on the pointing device through […]","og_url":"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-06-09T13:40:54+00:00","article_modified_time":"2021-06-09T13:40:56+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/Advance-UAF-Vulnerability-Affecting-Microsoft-Office-to-Patched-Today-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Advance UAF Vulnerability Affecting Microsoft Office to Patched Today","datePublished":"2021-06-09T13:40:54+00:00","dateModified":"2021-06-09T13:40:56+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/"},"wordCount":497,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/","url":"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/","name":"Advance UAF Vulnerability Affecting Microsoft Office to Patched Today - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-06-09T13:40:54+00:00","dateModified":"2021-06-09T13:40:56+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/advance-uaf-vulnerability-affecting-microsoft-office-to-patched-today\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Advance UAF Vulnerability Affecting Microsoft Office to Patched Today"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2091"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=2091"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2091\/revisions"}],"predecessor-version":[{"id":2096,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2091\/revisions\/2096"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/2093"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=2091"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=2091"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=2091"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"Advance-UAF-Vulnerability-Affecting-Microsoft-Office-to-Patched-Today-image1\"](\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/Advance-UAF-Vulnerability-Affecting-Microsoft-Office-to-Patched-Today-image1.png\")
<\/figure><\/div>\n\n\n\n![\"\"](\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/Advance-UAF-Vulnerability-Affecting-Microsoft-Office-to-Patched-Today-image2-1024x535.png\")
<\/figure><\/div>\n\n\n\n