OnlyFm252
Microsoft Office Excel

CVE-2021-42292 — Microsoft Excel Security Feature Bypass Vulnerability

Important CVSS 7.8 EPSS 0.31949 ⚠️ Exploited in the wild 2021-11 archive

Executive Summary

None

Overview

7.8
CVSS HIGH
Important
MS Severity
Exploited
MS Exploit Status
Exploitation Detected
MS Exploit Likelihood
Category Security Feature Bypass
Released Nov 9 2021
Last Updated Nov 9 2021
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known
EPSS Score 0.31949 — 0.98082 percentile
NVD CVSS 7.8 HIGH — matches MSRC

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
ATTACK VECTOR
Local
ATTACK COMPLEXITY
Low
PRIVILEGES REQUIRED
None
USER INTERACTION
Required
SCOPE
Unchanged
CONFIDENTIALITY
High
INTEGRITY
High
AVAILABILITY
High
EXPLOIT CODE MATURITY
Proof-of-Concept
REMEDIATION LEVEL
Official Fix
REPORT CONFIDENCE
Confirmed
Temporal Score: 7.0

EPSS Score

0.31949
probability of exploitation in the next 30 days
0.98082 percentile - updated 2026-06-21
View on FIRST.org

Affected Products

13 affected products
Product KB Article Severity Impact Restart Required
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Security Feature Bypass No
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Security Feature Bypass No
Microsoft Excel 2013 RT Service Pack 1 5002072 (Security Update) 5002035 (Security Update) Important Security Feature Bypass 5002043 5002007 Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 15.0.5397.1001 Maybe None Microsoft Excel 2013 Service Pack 1 (32-bit editions) 5002072 (Security Update) 5002035 (Security Update) Important Security Feature Bypass 5002043 5002007 Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 15.0.5397.1001 Maybe None Microsoft Excel 2013 Service Pack 1 (64-bit editions) 5002072 (Security Update) 5002035 (Security Update) Important Security Feature Bypass 5002043 5002007 Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 15.0.5397.1001 Maybe None Microsoft Excel 2016 (32-bit edition) 5002056 (Security Update) 4486670 (Security Update) Important Security Feature Bypass 5002030 4475514 Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 16.0.5239.1001 Maybe None Microsoft Excel 2016 (64-bit edition) 5002056 (Security Update) 4486670 (Security Update) Important Security Feature Bypass 5002030 4475514 Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 16.0.5239.1001 Maybe None Microsoft Office 2013 RT Service Pack 1 5002035 (Security Update) Important Security Feature Bypass Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 5002035 (Security Update) Important Security Feature Bypass Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 5002035 (Security Update) Important Security Feature Bypass Maybe
Microsoft Office 2016 (32-bit edition) 4486670 (Security Update) Important Security Feature Bypass Maybe
Microsoft Office 2016 (64-bit edition) 4486670 (Security Update) Important Security Feature Bypass Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Security Feature Bypass No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Security Feature Bypass No
Microsoft Office 2019 for Mac Release Notes (Security Update) Important Security Feature Bypass Maybe
Microsoft Office LTSC 2021 for 32-bit editions Click to Run (Security Update) Important Security Feature Bypass No
Microsoft Office LTSC 2021 for 64-bit editions Click to Run (Security Update) Important Security Feature Bypass No
Microsoft Office LTSC for Mac 2021 Release Notes (Security Update) Important Security Feature Bypass Maybe

Patches

4 patches
Article Type Restart
Click to Run Security Update No
5002035 Security Update Maybe
4486670 Security Update Maybe
Release Notes Security Update Maybe

Known Exploits

Acknowledgments

MSTIC

On This Page