Microsoft patches Excel zero-day used in attacks, asks Mac users to wait
2021-11-10 15:36

During this month's Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors.

Microsoft also patched a second Excel security flaw used during the Tianfu Cup hacking contest last month, a remote code execution bug tracked as CVE-2021-40442 and exploitable by unauthenticated attackers.

Luckily, Microsoft says that the Windows Explorer preview pane is not an attack vector for the two bugs.

While Redmond released security updates for systems running Microsoft 365 Apps for Enterprise and Windows versions of Microsoft Office and Microsoft Excel, it failed to patch the vulnerabilities on macOS. Mac customers running macOS versions of Microsoft Office and Microsoft were told they'd have to wait a little longer for CVE-2021-42292 patches.

"The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available," Microsoft said.

The two bugs were discovered by security researchers with the Microsoft Threat Intelligence Center.


News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-excel-zero-day-used-in-attacks-asks-mac-users-to-wait/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-10 | CVE-2021-42292 | Unspecified vulnerability in Microsoft products. Microsoft Excel Security Feature Bypass Vulnerability (local, low complexity, microsoft) | 7.8 |
| 2021-11-10 | CVE-2021-40442 | Unspecified vulnerability in Microsoft products. Microsoft Excel Remote Code Execution Vulnerability (local, low complexity, microsoft) | 7.8 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774