Security News > 2021 > November > Microsoft patches Excel zero-day used in attacks, asks Mac users to wait
During this month's Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors.
Microsoft also patched a second Excel security flaw used during the Tianfu Cup hacking contest last month, a remote code execution bug tracked as CVE-2021-40442 and exploitable by unauthenticated attackers.
Luckily, Microsoft says that the Windows Explorer preview pane is not an attack vector for the two bugs.
While Redmond released security updates for systems running Microsoft 365 Apps for Enterprise and Windows versions of Microsoft Office and Microsoft Excel, it failed to patch the vulnerabilities on macOS. Mac customers running macOS versions of Microsoft Office and Microsoft were told they'd have to wait a little longer for CVE-2021-42292 patches.
"The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available," Microsoft said.
The two bugs were discovered by security researchers with the Microsoft Threat Intelligence Center.
News URL
Related news
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Qualcomm patches high-severity zero-day exploited in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-10 | CVE-2021-42292 | Unspecified vulnerability in Microsoft products Microsoft Excel Security Feature Bypass Vulnerability | 7.8 |
| 2021-11-10 | CVE-2021-40442 | Unspecified vulnerability in Microsoft products Microsoft Excel Remote Code Execution Vulnerability | 7.8 |