[German]On November 9, 2021 (second Tuesday of the month, Microsoft Patchday), Microsoft has released several security-related updates for still supported Microsoft Office versions and other products. Especially for Microsoft Excel a security update is important because a vulnerability is exploited. Here you can find an overview of the available updates.
Advertising
General information
The updates apply to the installable MSI version of Office (the click-to-run packages get the updates through other channels). An overview of the updates can be found on this web page (and here for November). Details are documented in the linked KB articles. Office 2019 does not appear in the list because it is distributed via click-to-run packages and receives security updates via the Office Update feature.
Vulnerabilities in Microsoft Excel
Microsoft Excel vulnerabilities CVE-2021-40442 and CVE-2021-42292 are patched. CVE-2021-42292 is a zero-day security bypass vulnerability in Microsoft Excel that has a CVSSv3 score of 7.8. Microsoft warns that this vulnerability is being exploited in the wild. However, Microsoft states that the display in the preview window is not an attack vector for this vulnerability. This means that the victim would have to open a malicious Excel document to exploit the vulnerability. Microsoft notes that patches for Office for Mac are still in the works.
Office 2016
The following security updates have been released for Office 2016.
- Excel 2016: Description of the security update for Excel 2016: November 9, 2021 (KB5002056) – closes the vulnerabilities CVE-2021-40442 and CVE-2021-42292 (Remote Execution und Security Bypass).
- Office 2016: Description of the security update for Office 2016: November 9, 2021 (KB5002032) – closes the RCE vulnerabilitiy CVE-2021-41368 in Microsoft Access.
- Office 2016: Description of the security update for Office 2016: November 9, 2021 (KB4486670) – closes the RCE vulnerabilitiy CVE-2021-42292 (Excel security bypass).
Office 2013
Office 2013 requires Service Pack 1 for Microsoft Office 2013 to be installed. The following security updates have been released. They address the same security vulnerabilities as Microsoft Office 2016.
- Excel 2013: Description of the security update for Excel 2013: November 9, 2021 (KB5002072)
- Office 2013: Description of the security update for Office 2013: November 9, 2021 (KB5002038)
- Office 2013: Description of the security update for Office 2013: November 9, 2021 (KB5002035)
More updates for Office/SharePoint Server
Microsoft has also released security updates for several versions of Microsoft SharePoint Server.
Advertising
SharePoint Server 2019
- Office Online Server: Description of the security update for Office Online Server: November 9, 2021 (KB5002053)
Microsoft SharePoint Server 2013
- Office Web Apps Server: Description of the security update for Office Web Apps Server 2013: November 9, 2021 (KB5002065)
- SharePoint Enterprise Server 2013: Description of the security update for SharePoint Enterprise Server 2013: November 9, 2021 (KB5002063)
Similar articles
Microsoft Oktober 2021 Patchday (November 9, 2021)
Patchday: Windows 10-Updates (November 9, 2021)
Patchday: Windows 8.1/Server 2012 Updates (November 9, 2021)
Patchday: Updates for Windows 7/Server 2008 R2 (November 9, 2021)
Patchday: Windows 11 Updates (November 9, 2021)
