QID 110441

Date Published: 2023-07-12

QID 110441: Microsoft Office Security Update for July 2023

Microsoft has released July 2023 security updates to fix multiple security vulnerabilities.

This security update contains the following:

Office Click-2-Run and Office 365 Release Notes
Release notes for Office for Mac
KB5002406
KB5002411
KB5002421
KB5002058
KB5002419
KB4493154
KB5002069
KB5002400
KB5001952
KB5002426
KB5002434
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office. Patched Versions for Microsoft 365 Apps for enterprise, Microsoft 365 Apps for business, Office 2016 Retail (C2R), Office 2019, Office Current Channel: Version 2306 (16.0.16529.20182) Monthly Enterprise Channel: Version 2305 (16.0.16501.20242).
Monthly Enterprise Channel: Version 2304 (16.0.16327.20348).
Semi-Annual Enterprise Channel (Preview): Version 2302 (16.0.16130.20644).
Semi-Annual Enterprise Channel: Version 2302 (16.0.16130.20644).
Semi-Annual Enterprise Channel: Version 2208 (16.0.15601.20706).
Semi-Annual Enterprise Channel: Version 2202 (16.0.14931.21040).
Office 2021 Retail: Version 2306 (16.0.16529.20182).
Office 2019 Retail: Version 2306 (16.0.16529.20182).
Office 2016 Retail: Version 2306 (16.0.16529.20182).
Office LTSC 2021 Volume Licensed: Version 2108 (16.0.14332.20529).
Office 2019 Volume Licensed: Version 1808 (16.0.10400.20007).
KB5002406 - 16.0.5404.1000 (Excel.exe)
KB5002058 - 16.0.5404.1000 (Excel.exe)
KB5002419 - 16.0.5404.1000 (mso.dll)
KB4493154 - 16.0.5404.1000 (igx.dll)
KB5002411 - 15.0.5571.1000 (winword.exe)
KB5002434 - 15.0.5571.1000 (excel.exe)BR KB5002069 - 15.0.5571.1000 (msrtedit.dll)

Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.

Successful exploitation allows an attacker to execute code remotely.

CVSS V3 rated as Critical - 9.6 severity.

CVSS V2 rated as Critical - 9.3 severity.

Solution

Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.

Office Click-2-Run and Office 365 Release Notes
Release notes for Office for Mac
KB5002416
KB5002406
KB5002411
KB5002421
KB5002058
KB5002419
KB4493154
KB5002069
KB5002400
KB5001952
KB5002426
KB5002434

Vendor References

KB4493154 - support.microsoft.com/KB/4493154
KB5001952 - support.microsoft.com/KB/5001952
KB5002058 - support.microsoft.com/KB/5002058
KB5002069 - support.microsoft.com/KB/5002069
KB5002400 - support.microsoft.com/KB/5002400
KB5002406 - support.microsoft.com/KB/5002406
KB5002411 - support.microsoft.com/KB/5002411
KB5002419 - support.microsoft.com/KB/5002419
KB5002421 - support.microsoft.com/KB/5002421
KB5002426 - support.microsoft.com/KB/5002426
KB5002434 - support.microsoft.com/KB/5002434

CVEs related to QID 110441

CVE-2023-33158 | CVE-2023-33162 | CVE-2023-33161 | CVE-2023-33149 | CVE-2023-33152 | CVE-2023-33150 | CVE-2023-33148 |

Software Advisories

Advisory ID	Software	Component	Link
Microsoft office July 2023			msrc.microsoft.com/update-guide/

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].