QID 110435

Date Published: 2023-05-10

QID 110435: Microsoft Office Security Update for May 2023

Microsoft has released May 2023 security updates to fix multiple security vulnerabilities.

This security update contains the following:

Office Click-2-Run and Office 365 Release Notes
Release notes for Office for Mac
KB5002369
KB5002365
KB5002372
KB5002386
KB5002384
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsft Office. Patched Versions for Microsoft 365 Apps for enterprise, Microsoft 365 Apps for business, Office 2016 Retail (C2R), Office 2019, Office LTSC 2021, and Office 2021 are as follows
Current Channel: Version 2304 (Build 16.0.16327.20248)
Monthly Enterprise Channel: Version 2303 (Build 16.0.16227.20318)
Monthly Enterprise Channel: Version 2302 (Build 16.0.16130.20500)
Semi-Annual Enterprise Channel (Preview): Version 2302 (Build 16.0.16130.20500)
Semi-Annual Enterprise Channel: Version 2208 (Build 16.0.15601.20660)
Semi-Annual Enterprise Channel: Version 2202 (Build 16.0.14931.21000)
Office 2021 Retail: Version 2304 (Build 16.0.16327.20248)
Office 2019 Retail: Version 2304 (Build 16.0.16327.20248)
Office 2016 Retail: Version 2304 (Build 16.0.16327.20248)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 16.0.14332.20503)
Office 2019 Volume Licensed: Version 1808 (Build 16.0.10398.20008)

For traditional MSI Installations, following KBs and version are the required:
KB5002369 - 16.0.5395.1000 (Winword.exe)
KB5002365 - 15.0.5553.1000 (Winword.exe)
KB5002372 - 16.0.10398.20000 (microsoft.office.web.agentmanager.exe)
KB5002386 - 16.0.5395.1000 (Excel.exe)
KB5002384 - 15.0.5553.1000 (Excel.exe)

QID Detection Logic (Authenticated):
Operating System: MacOS
The QID checks the installed applications on the MacOS host to find the installed Microsoft Office Apps. Microsoft Office Apps lower than 16.73 are vulnerable.

Successful exploitation allows an attacker to execute code remotely.

CVSS V3 rated as High - 7.8 severity.

CVSS V2 rated as High - 6.6 severity.

Solution

Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.

Office Click-2-Run and Office 365 Release Notes
Release notes for Office for Mac
KB5002369
KB5002365
KB5002372
KB5002386
KB5002384

Vendor References

KB5002365 - support.microsoft.com/KB/5002365
KB5002369 - support.microsoft.com/KB/5002369
KB5002372 - support.microsoft.com/KB/5002372
KB5002384 - support.microsoft.com/KB/5002384
KB5002386 - support.microsoft.com/KB/5002386

CVEs related to QID 110435

CVE-2023-29344 | CVE-2023-29335 | CVE-2023-29333 | CVE-2023-24953 |

Software Advisories

Advisory ID	Software	Component	Link
Microsoft office May 2023			msrc.microsoft.com/update-guide/

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].