February 2021 security updates for Office released

silversurfer

Microsoft released the February 2021 non-security Microsoft Office updates with improvements and fixes for issues and crashes impacting Windows Installer (MSI) editions of Office 2016, Office 2013, and Office 2010 products.

Multiple updates (KB4493164, KB4493169, and KB4493179) have been released to address issues that may lead to a PowerPoint crash when opening documents containing diagrams. KB4493190 fixes another issue that causes Outlook reminders to behave unpredictably on systems whose time zones change regularly.
Three of the Office February 2021 non-security updates apply to the entire Microsoft Office 2016, Microsoft Office 2013, and Microsoft Office 2010 software suites, while four others address issues affecting the PowerPoint and Outlook apps.

The full list of updates and the Office product they apply to is embedded below.

Office Product
Knowledge Base article
Microsoft Office 2016
Microsoft Office 2013
Microsoft Office 2010
Microsoft Outlook 2016
Microsoft PowerPoint 2016
Microsoft PowerPoint 2013
Microsoft PowerPoint 2010

silversurfer

Microsoft has addressed important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates.

In total, the company released 26 security updates and 5 cumulative updates for 7 different products, fixing 11 vulnerabilities that could allow attackers to escalate privileges or execute arbitrary code remotely on systems running vulnerable software.

This Patch Tuesday, Microsoft also issued several SharePoint non-security updates fixing bugs that could lead to crashes or prevent users from opening some projects.

Patched Office security vulnerabilities

This month's Office security updates address bugs exposing Windows systems running vulnerable Click to Run and Microsoft Installer (.msi)-based editions of Microsoft Office products to remote code execution (RCE), information disclosure, and spoofing attacks.

Microsoft rated the six RCE bugs patched in February 2021 as Important severity issues given that they could enable attackers to execute arbitrary code in the context of the currently logged-in user.

Following successful exploitation, attackers could install malicious programs, view, change, and delete data, as well as make their own admin accounts on exploited Windows devices.

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| Microsoft Office Excel | CVE-2021-24067 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-24068 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-24069 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-24070 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-24071 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-1726 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-24066 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-24072 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
 
