Security News > 2021 > November > Microsoft patches Excel zero-day used in attacks, asks Mac users to wait
During this month's Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors.
Microsoft also patched a second Excel security flaw used during the Tianfu Cup hacking contest last month, a remote code execution bug tracked as CVE-2021-40442 and exploitable by unauthenticated attackers.
Luckily, Microsoft says that the Windows Explorer preview pane is not an attack vector for the two bugs.
While Redmond released security updates for systems running Microsoft 365 Apps for Enterprise and Windows versions of Microsoft Office and Microsoft Excel, it failed to patch the vulnerabilities on macOS. Mac customers running macOS versions of Microsoft Office and Microsoft were told they'd have to wait a little longer for CVE-2021-42292 patches.
"The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available," Microsoft said.
The two bugs were discovered by security researchers with the Microsoft Threat Intelligence Center.
News URL
Related news
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- Broadcom fixes three VMware zero-days exploited in attacks (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-10 | CVE-2021-42292 | Unspecified vulnerability in Microsoft products Microsoft Excel Security Feature Bypass Vulnerability | 0.0 |
| 2021-11-10 | CVE-2021-40442 | Unspecified vulnerability in Microsoft products Microsoft Excel Remote Code Execution Vulnerability | 0.0 |