Updates February 2021 security updates for Office released

silversurfer

Level 72
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,146
Microsoft released the February 2021 non-security Microsoft Office updates with improvements and fixes for issues and crashes impacting Windows Installer (MSI) editions of Office 2016, Office 2013, and Office 2010 products.

Multiple updates (KB4493164, KB4493169, and KB4493179) have been released to address issues that may lead to a PowerPoint crash when opening documents containing diagrams. KB4493190 fixes another issue that causes Outlook reminders to behave unpredictably on systems whose time zones change regularly.
Three of the Office February 2021 non-security updates apply to the entire Microsoft Office 2016, Microsoft Office 2013, and Microsoft Office 2010 software suites, while four others address issues affecting the PowerPoint and Outlook apps.

The full list of updates and the Office product they apply to is embedded below.

Office Product
Knowledge Base article
Microsoft Office 2016​
Microsoft Office 2013​
Microsoft Office 2010​
Microsoft Outlook 2016​
Microsoft PowerPoint 2016​
Microsoft PowerPoint 2013​
Microsoft PowerPoint 2010​
 

silversurfer

Level 72
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,146
Microsoft has addressed important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates.

In total, the company released 26 security updates and 5 cumulative updates for 7 different products, fixing 11 vulnerabilities that could allow attackers to escalate privileges or execute arbitrary code remotely on systems running vulnerable software.

This Patch Tuesday, Microsoft also issued several SharePoint non-security updates fixing bugs that could lead to crashes or preventing users from opening some projects.
Patched Office security vulnerabilities

This month's Office security updates address bugs exposing Windows systems running vulnerable Click to Run and Microsoft Installer (.msi)-based editions of Microsoft Office products to remote code execution (RCE), information disclosure, and spoofing attacks.

Microsoft rated the six RCE bugs patched in February 2021 as Important severity issues given that they could enable attackers to execute arbitrary code in the context of the currently logged-in user.

Following successful exploitation, attackers could install malicious programs, view, change, and delete data, as well as make their own admin accounts on exploited Windows devices.

TagCVE IDCVE TitleSeverity
Microsoft Office ExcelCVE-2021-24067Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-24068Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-24069Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2021-24070Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-24071Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1726Microsoft SharePoint Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2021-24066Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-24072Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
 
Top