February 2021 security updates for Office released

[silversurfer]

Microsoft released the February 2021 non-security Microsoft Office updates with improvements and fixes for issues and crashes impacting Windows Installer (MSI) editions of Office 2016, Office 2013, and Office 2010 products.

Multiple updates (KB4493164, KB4493169, and KB4493179) have been released to address issues that may lead to a PowerPoint crash when opening documents containing diagrams. KB4493190 fixes another issue that causes Outlook reminders to behave unpredictably on systems whose time zones change regularly.

Three of the Office February 2021 non-security updates apply to the entire Microsoft Office 2016, Microsoft Office 2013, and Microsoft Office 2010 software suites, while four others address issues affecting the PowerPoint and Outlook apps.

The full list of updates and the Office product they apply to is embedded below.

Office Product​	Knowledge Base article​
Microsoft Office 2016​	KB4493189​
Microsoft Office 2013​	KB4486684​
Microsoft Office 2010​	KB4493180​
Microsoft Outlook 2016​	KB4493190​
Microsoft PowerPoint 2016​	KB4493164​
Microsoft PowerPoint 2013​	KB4493169​
Microsoft PowerPoint 2010​	KB4493179​

Microsoft fixes PowerPoint crashes in Office February updates

Microsoft released the February 2021 non-security Microsoft Office updates with improvements and fixes for issues and crashes impacting Windows Installer (MSI) editions of Office 2016, Office 2013, and Office 2010 products.

www.bleepingcomputer.com

 

[silversurfer]

Microsoft has addressed important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates.

In total, the company released 26 security updates and 5 cumulative updates for 7 different products, fixing 11 vulnerabilities that could allow attackers to escalate privileges or execute arbitrary code remotely on systems running vulnerable software.

This Patch Tuesday, Microsoft also issued several SharePoint non-security updates fixing bugs that could lead to crashes or preventing users from opening some projects.

Patched Office security vulnerabilities

This month's Office security updates address bugs exposing Windows systems running vulnerable Click to Run and Microsoft Installer (.msi)-based editions of Microsoft Office products to remote code execution (RCE), information disclosure, and spoofing attacks.

Microsoft rated the six RCE bugs patched in February 2021 as Important severity issues given that they could enable attackers to execute arbitrary code in the context of the currently logged-in user.

Following successful exploitation, attackers could install malicious programs, view, change, and delete data, as well as make their own admin accounts on exploited Windows devices.

Tag	CVE ID	CVE Title	Severity
Microsoft Office Excel	CVE-2021-24067	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2021-24068	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2021-24069	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2021-24070	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office SharePoint	CVE-2021-24071	Microsoft SharePoint Information Disclosure Vulnerability	Important
Microsoft Office SharePoint	CVE-2021-1726	Microsoft SharePoint Spoofing Vulnerability	Important
Microsoft Office SharePoint	CVE-2021-24066	Microsoft SharePoint Remote Code Execution Vulnerability	Important
Microsoft Office SharePoint	CVE-2021-24072	Microsoft SharePoint Server Remote Code Execution Vulnerability	Important

Microsoft Office February security updates patch Sharepoint, Excel RCE bugs

Microsoft has addressed important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates.

www.bleepingcomputer.com