Detections
Analytics
Security Updates for Microsoft Office Products C2R (Aug 2024)
high Nessus Plugin ID 206023
Language:
Synopsis
The Microsoft Office Products are missing a security update.Description
The Microsoft Office Products are missing security updates.It is, therefore, affected by multiple vulnerabilities:
- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-38169, CVE-2024-38170, CVE-2024-38171, CVE-2024-38172, CVE-2024-38173, CVE-2024-38189)
- A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2024-38200) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.See Also
Plugin Details
Severity: High
ID: 206023
File Name: smb_nt_ms24_aug_office_c2r.nasl
Version: 1.2
Type: local
Agent: windows
Family: Windows
Published: 8/21/2024
Updated: 8/21/2024
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2024-38189
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 8.2
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:microsoft:office
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/13/2024
Vulnerability Publication Date: 8/13/2024
CISA Known Exploited Vulnerability Due Dates: 9/3/2024
Reference Information
CVE: CVE-2024-38169, CVE-2024-38170, CVE-2024-38171, CVE-2024-38172, CVE-2024-38173, CVE-2024-38189, CVE-2024-38200