Blog
01.21.2021

CVE-2021-1711: Microsoft Office Remote Code Execution Vulnerability

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.

1.1        Vulnerability Summary

Microsoft Office Remote Code Execution Vulnerability

CVE-2021-1711: MS Office (RCE): Virsec Risk Index: 50%

Watch the video to learn more about this and other important vulnerabilities.

1.2        CVSS Score

CVSS Base score of this vulnerability is 7.8 High.  CVSS:3.1/AV:L/AC:L/PR:N/UI:Y/S:U/C:N/I:N/A:H

1.3        Affected Version

  • Microsoft Office 2013 Service Pack 1 (64-bit editions)

  • Microsoft Office 2013 Service Pack 1 (32-bit editions)

  • Microsoft Office 2013 RT Service Pack 1

  • Microsoft Office 2010 Service Pack 2 (64-bit editions)

  • Microsoft Office 2010 Service Pack 2 (32-bit editions)

  • Microsoft Office 2016 (64-bit edition)

  • Microsoft Office 2016 (32-bit edition)

  • Microsoft 365 Apps for Enterprise for 64-bit Systems

  • Microsoft 365 Apps for Enterprise for 32-bit Systems

  • Microsoft Office 2019 for 64-bit editions

  • Microsoft Office 2019 for 32-bit editions

1.4        Vulnerability Attribution

This vulnerability is reported by - Tao Yan (@Ga1ois) from Palo Alto Networks and Bo Qu of Palo Alto Networks.

1.5        Risk Impact

As per this website, MS office has around 41% market share. According to Microsoft's FY20 Q1 results, Office 365 now has 200 million monthly active users.

Any vulnerability in office product would allow attacker to plant millions of backdoor on user machines and then use them as lateral movement.

Public exploit is not available.

1.6        Virsec Security Platform (VSP) Support:

VSP-Host monitors processes that are spawned which are not part of a set of whitelisted process. Any attempt to execute new command or unknown binary would be denied by VSP-Host’s Process Monitoring capability.

1.7        Reference Links:

Download the full vulnerability report to learn more about this and other important vulnerabilities.

Jump to: List of CVE Vulnerabilities

Do you have a request for a vulnerability Virsec Security Research Lab to explore? Let us know!

About the Author
Satya Gupta is Virsec’s visionary founder, with over 25 years of expertise in embedded systems, network security and systems architecture. Satya has helped build and guide the company through key growth phases from initial funding (2015), developing core technology with key partners including Raytheon and Lockheed (2016-2018), to launching an enterprise class, GA product (2019). Prior to this, Satya built a highly profitable software design and consulting business targeting data networking, application security and industrial automation projects. He was also Director of Firmware Engineering at Narad Networks and Managing Director and Chief Engineer at Eastern Telecom and Tech Ltd. Satya has more than 40 patents in complex firmware architecture with products deployed to hundreds of thousands of users. He holds a BS degree in Engineering from the Indian Institute of Technology in Kanpur and additional degrees from the University of Massachusetts at Lowell.