Published: 10/11/2021 Updated: 28/12/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Microsoft Excel Security Feature Bypass Vulnerability

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft excel 2013
microsoft office 2013
microsoft office 2016
microsoft office 2019
microsoft 365 apps -
microsoft office long term servicing channel 2021

A Zeek package to detect CVE-2021-42292, a Microsoft Excel local privilege escalation exploit.

CVE-2021-42292 This package will detect exploits of CVE-2021-42292, a Microsoft Excel local privilege escalation vulnerability, and generate a notice in noticelog for it corelightcom/blog/detecting-cve-2021-42292 Detection Method: This package detects the vulnerability when the triggering Excel spreadsheet downloads a second spreadsheet The second spreadsheet is exe

Let us give thanks that this November, Microsoft has given us just 55 security fixes, two of which are for actively exploited flaws

The Register • Thomas Claburn in San Francisco • 09 Nov 2021

Get our weekly newsletter Light load has infosec bods wondering what awaits next month

Patch Tuesday As the US season of giving thanks and turkey carnage approaches, let us reflect upon Microsoft's November Patch Tuesday, which has bestowed 55 CVEs and the promise of continued employment for the IT admins who have to clean up the recurring mess of software. Only six of the vulnerabilities are considered "Critical," the rest are just "Important." Affected applications include: 3D Viewer, Azure (including RTOS and Sphere), Dynamics, Edge, Exchange Server, Office, Power BI, Role: Win...

CVE-2021-42292

Vulnerability Summary

Vulnerability Trend

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect