Microsoft Office Vulnerabilities
Fix Microsoft Office on Windows Server
30 entries · Windows Server · Sorted by severity
Showing 1–30 of 30 results
| Severity | Title | CVSS | |||||
|---|---|---|---|---|---|---|---|
| Active exploitation | HIGHCISA KEV | KB5014678: Windows 10, Windows 11 +3 more Security Update (June 2022)Microsoft Support Diagnostic Tool (MSDT) Remote Code Execution — Follina (CVE-2022-30190)Microsoft Office | CVE-2022-30190 | 7.8 | In the wild | No Reboot | Script |
HIGH | Microsoft 365 Apps Must Be Updated Independently from Windows UpdateMicrosoft 365 Apps (Office) — Click-to-Run Missing Security Update (General Guidance)Microsoft Office | — | — | Varies by CVE | No Reboot | Script | |
| Active exploitation | HIGHCISA KEV | KB3114375: Windows Server Security Update (May 2017)Microsoft Office Use-After-Free Vulnerability (CVE-2017-0261)Microsoft Office | CVE-2017-0261 | 7.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | Microsoft Office Publisher Security Feature Bypass Vulnerability (CVE-2023-21715)Microsoft Office | CVE-2023-21715 | 7.3 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | Microsoft Office Excel Remote Code Execution Vulnerability (CVE-2007-0671)Microsoft Office | CVE-2007-0671 | 8.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | Microsoft Office Remote Code Execution (CVE-2009-0238)Microsoft Office | CVE-2009-0238 | 8.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | KB4011574: Windows Server Security Update (January 2018)Microsoft Office Memory Corruption Vulnerability (CVE-2018-0798)Microsoft Office | CVE-2018-0798 | 8.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | KB5002713: Windows Server Security Update (January 2026)Microsoft Office Security Feature Bypass Vulnerability (CVE-2026-21509)Microsoft Office | CVE-2026-21509 | 7.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | Microsoft Office Object Record Corruption Vulnerability (CVE-2009-0557)Microsoft Office | CVE-2009-0557 | 7.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | Microsoft Office Buffer Overflow Vulnerability (CVE-2009-0563)Microsoft Office | CVE-2009-0563 | 7.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | Microsoft Office Uninitialized Memory Use Vulnerability (CVE-2015-1770)Microsoft Office | CVE-2015-1770 | 8.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | KB3118307: Windows Server Security Update (October 2016)Microsoft Office Memory Corruption Vulnerability (CVE-2016-7193)Microsoft Office | CVE-2016-7193 | 7.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | Microsoft Office Memory Corruption Vulnerability (CVE-2015-1642)Microsoft Office | CVE-2015-1642 | 7.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | Microsoft Office Stack-based Buffer Overflow Vulnerability (CVE-2010-3333)Microsoft Office | CVE-2010-3333 | 7.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | KB4011574: Windows Server Security Update (January 2018)Microsoft Office Memory Corruption Vulnerability (CVE-2018-0802)Microsoft Office | CVE-2018-0802 | 7.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | KB4011162: Windows Server Security Update (October 2017)Microsoft Office Outlook Security Feature Bypass Vulnerability (CVE-2017-11774)Microsoft Office | CVE-2017-11774 | 7.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | KB4493225: Windows Server Security Update (March 2021)Microsoft Office Remote Code Execution Vulnerability (CVE-2021-27059)Microsoft Office | CVE-2021-27059 | 7.6 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | KB5001958: Windows Server Security Update (September 2021)Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2021-38646)Microsoft Office | CVE-2021-38646 | 7.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | Microsoft Office PowerPoint Code Injection Vulnerability (CVE-2009-0556)Microsoft Office | CVE-2009-0556 | 8.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | Microsoft Office Buffer Overflow Vulnerability (CVE-2013-1331)Microsoft Office | CVE-2013-1331 | 7.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | Microsoft Office Memory Corruption Vulnerability (CVE-2015-1641)Microsoft Office | CVE-2015-1641 | 7.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | KB3213623: Windows Server Security Update (October 2017)Microsoft Office Remote Code Execution Vulnerability (CVE-2017-11826)Microsoft Office | CVE-2017-11826 | 7.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | KB3213545: Windows Server Security Update (July 2017)Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8570)Microsoft Office | CVE-2017-8570 | 7.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | KB2596915: Windows Server Security Update (June 2016)Microsoft Office OLE DLL Side Loading Vulnerability (CVE-2016-3235)Microsoft Office | CVE-2016-3235 | 7.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | KB3162047: Windows Server Security Update (November 2017)Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882)Microsoft Office | CVE-2017-11882 | 7.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | KB3114375: Windows Server Security Update (May 2017)Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0262)Microsoft Office | CVE-2017-0262 | 7.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | KB4486670: Windows Server Security Update (November 2021)Microsoft Excel Security Feature Bypass (CVE-2021-42292)Microsoft Office | CVE-2021-42292 | 7.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | Microsoft Office < 16.106.26020821Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability (CVE-2026-21514)Microsoft Office | CVE-2026-21514 | 7.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability (CVE-2012-1856)Microsoft Office | CVE-2012-1856 | 8.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | Microsoft Office Malformed EPS File Vulnerability (CVE-2015-2545)Microsoft Office | CVE-2015-2545 | 7.8 | In the wild | Reboot Required | Script |