IRONSMITHINTEL
HIGHCVSS8.8
|
Actively Exploited
|CISA KEV|CVE-2019-1297|Auth: none — unauthenticated|Reboot: required|Manual only

KB4475566: Windows Server Security Update (September 2019)

A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory.

Published Sep 11, 2019 · Updated May 16, 2026
Why patchRisk explained in plain English
Worst-case scenarioIf unpatched

A remote attacker, without authentication, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2022-03-17 under CISA BOD 22-01.

How the attack worksNo clicks needed

This vulnerability affects Microsoft Excel. A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. Exploitation requires remote network access, low attack complexity, no authentication required, and user interaction required.

📧

Phishing link

🖼

Malicious file

🔓

Server compromised

Am I affected?Quick check

Probably yes if any of these apply:

IT Security
Running excel: 2010, 2013, 2016; office: 2016, 2019; office 365 proplus: -
Fixed inKB4475566, KB4475574, KB4475579 (applies to 13 product versions) — build https://aka.ms/OfficeSecurityReleases
Real-world incidentsWhat we've seen

CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2022-03-03 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2022-03-17.

How to patch

Manual download

For air-gapped servers or out-of-band deployment. Microsoft Update Catalog returns every OS-version variant of this update.

↗ Microsoft Update CatalogKB4475566

Manual remediation steps

Apply the Microsoft Security Update

Microsoft has released an official security update that fixes this vulnerability.

Required KB Updates

    1
    KB4475566 — https://support.microsoft.com/help/4475566
    1
    KB4475574 — https://support.microsoft.com/help/4475574
    1
    KB4475579 — https://support.microsoft.com/help/4475579

Supersedes: KB4464565, KB4464572, KB4475513

Affected Products

    1
    Microsoft Excel 2010 Service Pack 2 (32-bit editions)
    1
    Microsoft Excel 2010 Service Pack 2 (64-bit editions)
    1
    Microsoft Excel 2013 RT Service Pack 1
    1
    Microsoft Excel 2013 Service Pack 1 (32-bit editions)
    1
    Microsoft Excel 2013 Service Pack 1 (64-bit editions)
    1
    Microsoft Excel 2016 (32-bit edition)
    1
    Microsoft Excel 2016 (64-bit edition)
    1
    Microsoft Office 2016 for Mac
    1
    Microsoft Office 2019 for 32-bit editions
    1
    Microsoft Office 2019 for 64-bit editions
    1
    Microsoft Office 2019 for Mac
    1
    Office 365 ProPlus for 32-bit Systems
    1
    Office 365 ProPlus for 64-bit Systems

Fixed Build Numbers

    1
    https://aka.ms/OfficeSecurityReleases

Installation Methods

Windows Update (recommended)

1
Settings → Windows Update → Check for updates
2
The security update is offered if your system is in scope
3
Restart when prompted (may or may not be required for this update)

Microsoft Update Catalog (manual download)

1
Open https://catalog.update.microsoft.com
2
Search for KB4475566
3
Download the package matching your OS architecture and Windows build
4
Run the .msu installer with administrator privileges
5
Restart when prompted

WSUS / SCCM / Intune

Approve KB4475566 for the affected products in your update management console.

Microsoft Download Center Links

    1
    https://go.microsoft.com/fwlink/p/?linkid=831049
    1
    https://www.microsoft.com/download/details.aspx?familyid=2297d8da-f7e4-4feb-b523-4de02d5cd465
    1
    https://www.microsoft.com/download/details.aspx?familyid=24b2ce6d-b1be-46a2-89db-e1e7a81903c8
    1
    https://www.microsoft.com/download/details.aspx?familyid=46b94ad8-1a00-45d3-95fd-6b398f4ce94e
    1
    https://www.microsoft.com/download/details.aspx?familyid=51e2ed83-2fee-41d4-86f1-2b720f6159f7
    1
    (…2 more)

Verification

Confirm the update is installed:

Get-HotFix | Where-Object { $_.HotFixID -in @('KB4475566','KB4475574','KB4475579') }

References

    1
    Microsoft Security Response Center: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1297
    1
    KB article: https://support.microsoft.com/help/4475566
    1
    KB article: https://support.microsoft.com/help/4475574
    1
    KB article: https://support.microsoft.com/help/4475579
    1
    NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2019-1297
    1
    CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1297

Discovery Credit

L4Nce working with Trend Micro's Zero Day Initiative

PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

CVE-2019-1297MSRC AdvisoryNVDKBKB4475566