CVE-2021-42292: Microsoft Excel Security Feature Bypass Vulnerability


Description

CVE-2021-42292 is a security feature bypass vulnerability in Microsoft Excel. An attacker who bypasses the affected security feature can execute arbitrary code in the context of the current user, which may lead to unauthorized access and data compromise.

Overview

This vulnerability affects Microsoft Excel and allows attackers to bypass security features designed to protect users from malicious content. The flaw lies in how Excel handles certain file types and security controls. An attacker could exploit it by creating a specially crafted Excel file and convincing a user to open it, which could lead to arbitrary code execution. The attack requires user interaction but no elevated privileges. Because Excel is widely used in business environments, it is an attractive target for attackers seeking a foothold in corporate networks.

Remediation

To mitigate this vulnerability, users and administrators should:

  1. Apply the security updates provided by Microsoft through Windows Update or Microsoft Update Catalog
  2. Install the latest security patches for Microsoft Office/Excel
  3. Exercise caution when opening Excel files from unknown or untrusted sources
  4. Consider implementing application control policies to prevent execution of unauthorized code
  5. Ensure that Microsoft Office security features are properly configured, including Protected View and macro settings
  6. Deploy Microsoft's recommended security baselines for Office applications
  7. Consider using Microsoft Defender Application Guard for Office to open untrusted documents in an isolated container
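The following audit script is an added example (not Armis's or Microsoft's code) that checks the Protected View and macro settings from steps 5 and 6 on a workstation and reports the installed Office build for comparison with the fixed build in the MSRC advisory. It assumes Office 16.0 (Office 2016 and later, including Microsoft 365 Click-to-Run); the registry paths and value names are Microsoft's documented settings, and the "weak" labels are this script's interpretation.

```powershell
# Added audit script, not from the original page. Assumes Office 16.0 under HKCU.
$ErrorActionPreference = 'SilentlyContinue'

function Get-RegValue {
    param([string[]]$Paths, [string]$Name)
    # Group Policy (Policies hive) overrides the per-user setting, so it is checked first.
    foreach ($p in $Paths) {
        $v = Get-ItemProperty -Path $p -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $v) { return $v.$Name }
    }
    return $null   # not set: Excel falls back to its default
}

$pvPaths = @(
    'HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security\ProtectedView',
    'HKCU:\Software\Microsoft\Office\16.0\Excel\Security\ProtectedView'
)
$secPaths = @(
    'HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security',
    'HKCU:\Software\Microsoft\Office\16.0\Excel\Security'
)

# Protected View triggers: a value of 1 DISABLES that trigger.
$pvChecks = [ordered]@{
    'Internet files (Mark-of-the-Web)' = 'DisableInternetFilesInPV'
    'Outlook attachments'              = 'DisableAttachementsInPV'   # Microsoft's spelling
    'Unsafe locations'                 = 'DisableUnsafeLocationsInPV'
}
foreach ($label in $pvChecks.Keys) {
    $val   = Get-RegValue -Paths $pvPaths -Name $pvChecks[$label]
    $state = if ($val -eq 1) { 'DISABLED (weak)' } else { 'enabled' }
    "Protected View for $label : $state"
}

# VBAWarnings: 1 = enable all macros, 2 = disable with notification (default),
# 3 = disable except digitally signed, 4 = disable all without notification.
$vba = Get-RegValue -Paths $secPaths -Name 'VBAWarnings'
$vbaState = switch ($vba) {
    1       { 'enable all (WEAK)' }
    3       { 'signed only' }
    4       { 'disable all' }
    default { 'disable with notification (default)' }
}
"Macro setting (VBAWarnings=$vba): $vbaState"

# blockcontentexecutionfrominternet = 1 blocks macros in files that carry Mark-of-the-Web.
$motw = Get-RegValue -Paths $secPaths -Name 'blockcontentexecutionfrominternet'
"Block macros in internet files: " + $(if ($motw -eq 1) { 'enforced' } else { 'not enforced' })

# Installed Click-to-Run build; compare against the fixed build listed in the MSRC advisory.
$build = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration').VersionToReport
"Installed Office build: $build"
```

Run it in the affected user's context, since the per-user keys live under HKCU; MSI-based Office installs do not populate the ClickToRun key, so the build line will be empty there.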

References

  1. Microsoft Security Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42292
  2. Microsoft Security Response Center: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42292
  3. Microsoft Security Updates: https://www.microsoft.com/en-us/download/details.aspx
  4. Microsoft Office Security Baselines: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/security-baselines

Early Warning

Customers using Armis Early Warning were notified about this vulnerability before it appeared in CISA's Known Exploited Vulnerabilities Catalog, enabling them to assess their exposure and act proactively. Armis publishes examples such as this one, of CVEs already included in CISA KEV, for prospective customers.

Armis Alert Date: Nov 10, 2021
CISA KEV Date: Nov 17, 2021
Alerted 7 days early

Industry Exposure (most to least affected)

This section shows the prevalence of this CVE across industries based on customer reports, ranked from most to least affected. Organizations in these sectors can use it to prioritize security efforts, compare their exposure with peers, and focus remediation where it is most needed, informing decisions on patching, resource allocation, and overall risk management for this CVE.

  1. Manufacturing: Medium
  2. Public Administration: Medium
  3. Health Care & Social Assistance: Medium
  4. Transportation & Warehousing: Medium
  5. Educational Services: Medium
  6. Finance and Insurance: Low
  7. Retail Trade: Low
  8. Professional, Scientific, & Technical Services: Low
  9. Arts, Entertainment & Recreation: Low
  10. Management of Companies & Enterprises: Low
  11. Utilities: Low
  12. Other Services (except Public Administration): Low
  13. Agriculture, Forestry, Fishing & Hunting: Low
  14. Accommodation & Food Services: Low
  15. Construction: Low
  16. Information: Low
  17. Mining: Low
  18. Real Estate Rental & Leasing: Low
  19. Administrative, Support, Waste Management & Remediation Services: Low
  20. Wholesale Trade: Low
