Important 2018-03 archive

Executive Summary

A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document. The security feature bypass by itself does not allow arbitrary code execution. To successfully exploit the vulnerability, an attacker would have to embed a control in an Excel worksheet that specifies a macro should be run. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Microsoft Office software. The security update addresses the vulnerability by enforcing macro settings on Excel documents.

Overview

Important
MS Severity
Not Exploited
MS Exploit Status
More Likely
MS Exploit Likelihood
Category Security Feature Bypass
Released Mar 13 2018
Last Updated Mar 13 2018
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known

EPSS Score

No EPSS score available for this CVE.

View on FIRST.org

Affected Products

11 affected products
Product KB Article Severity Impact Restart Required
Microsoft Excel 2007 Service Pack 3 4011714 (Security Update) Important Security Feature Bypass Maybe
Microsoft Excel 2010 Service Pack 2 (32-bit editions) 4011675 (Security Update) Important Security Feature Bypass Maybe
Microsoft Excel 2010 Service Pack 2 (64-bit editions) 4011675 (Security Update) Important Security Feature Bypass Maybe
Microsoft Excel 2013 RT Service Pack 1 4018291 (Security Update) Important Security Feature Bypass Maybe
Microsoft Excel 2013 Service Pack 1 (32-bit editions) 4018291 (Security Update) Important Security Feature Bypass Maybe
Microsoft Excel 2013 Service Pack 1 (64-bit editions) 4018291 (Security Update) Important Security Feature Bypass Maybe
Microsoft Excel 2016 (32-bit edition) 4011727 (Security Update) Important Security Feature Bypass Maybe
Microsoft Excel 2016 (64-bit edition) 4011727 (Security Update) Important Security Feature Bypass Maybe
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions Click to Run (Security Update) Important Security Feature Bypass No
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions Click to Run (Security Update) Important Security Feature Bypass No
Microsoft Office 2016 for Mac Release Notes (Security Update) Important Security Feature Bypass No

Patches

6 patches
Article Type Restart
4011714 Security Update Maybe
4011675 Security Update Maybe
4018291 Security Update Maybe
4011727 Security Update Maybe
Click to Run Security Update No
Release Notes Security Update No

Known Exploits

Acknowledgments

Tom Hoke of Microsoft Corporation