⚠ Actively exploited
Added to CISA KEV on 2021-11-17. Federal agencies required to patch by 2021-12-01. Required action: Apply updates per vendor instructions.

CVE-2021-42292

Severity: 7.8 HIGH
EPSS: 35.5% (top 2.94%)
CISA KEV: Added 2021-11-17, due 2021-12-01
Exploit: Exploited in the wild; active exploitation observed

Timeline
Published: Nov 10
KEV added: Nov 17
KEV due: Dec 1
Latest update: May 24

Description

Microsoft Excel Security Feature Bypass Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (12 packages)

CVEListV5 | microsoft/microsoft_excel_2016 | 16.0.0.0 | 16.0.5239.1001
CVEListV5 | microsoft/microsoft_excel_2013_service_pack_1 | 15.0.0.0 | 15.0.5397.1001
NVD | microsoft/excel | 2013
CVEListV5 | microsoft/microsoft_office_2016 | 16.0.0 | 16.0.5239.1001
CVEListV5 | microsoft/microsoft_office_2019 | 19.0.0 | https://aka.ms/OfficeSecurityReleases

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-jp63-fcqh-36rc: Microsoft Excel Security Feature Bypass Vulnerability (2022-05-24)
CVEList: Microsoft Excel Security Feature Bypass Vulnerability (2021-11-10)
VulnCheck: Microsoft Excel Security Feature Bypass (2021)

🔍 Detection Rules (1)

Sigma: Office Application Initiated Network Connection To Non-Local IP

📋 Vendor Advisories (2)

CISA: Microsoft Excel Security Feature Bypass (2021-11-17)
Microsoft: Microsoft Excel Security Feature Bypass Vulnerability (2021-11-09)

🕵️ Threat Intelligence (3)

Talos: Microsoft Patch Tuesday for Nov. 2021 — Snort rules and prominent vulnerabilities (2021-11-09)
Krebs: Microsoft Patch Tuesday, November 2021 Edition (2021-11-09)
Krebs: Microsoft Patch Tuesday, November 2021 Edition (2021-11-09)