An unsupported version of ASP.NET Core is installed on the remote host.

According to its version, the ASP.NET Core installed on the remote host is no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.

Upgrade to a version of ASP.NET Core that is currently supported.

Critical

10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2023/03/07, Modified: 2023/03/07

Path : C:\Program Files (x86)\dotnet\shared\Microsoft.AspNetCore.App\5.0.17
Installed version : 5.0.17
Security End of Life : May 9, 2022
Time since Security End of Life (Est.) : >= 3 years

Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\5.0.17
Installed version : 5.0.17
Security End of Life : May 9, 2022
Time since Security End of Life (Est.) : >= 3 years

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5063877. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
(CVE-2025-53766)

- Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. (CVE-2025-49751)

- Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. (CVE-2025-49743)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5063877

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

7.4

0.017

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/08/12, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5063877

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6893
Should be : 10.0.17763.7671

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5066586. It is, therefore, affected by multiple vulnerabilities

- tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka Predictor heap-buffer-overflow. (CVE-2016-9535)

- In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. (CVE-2025-47827)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5066586

High

9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

9.2 (CVSS:3.0/E:F/RL:O/RC:C)

9.2

0.0824

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

6.2 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/10/14, Modified: 2025/11/18

The remote host is missing one of the following rollup KBs :
- 5066586

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6893
Should be : 10.0.17763.7919

An application installed on the remote host is affected by multiple vulnerabilities.

The Microsoft Office application or Microsoft Office Services and Web Apps installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- An arbitrary command execution vulnerability exists in Microsoft Office due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted Office file, resulting in a bypass of security restrictions and the execution of arbitrary commands. (CVE-2016-7262)

- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to a failure to properly handle objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7263, CVE-2016-7277, CVE-2016-7289, CVE-2016-7298)

- Multiple information disclosure vulnerabilities exist in Microsoft Office software due to an out-of-bounds memory read error. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the disclosure of memory contents. (CVE-2016-7264, CVE-2016-7265, CVE-2016-7268, CVE-2016-7276, CVE-2016-7290, CVE-2016-7291)

- An arbitrary command execution vulnerability exists in Microsoft Office due to improper validation of registry settings when running embedded content. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted document file multiple times, resulting in a bypass of security restrictions and the execution of arbitrary commands.
(CVE-2016-7266)

- A security bypass vulnerability exists in Microsoft Office due to improper parsing of file formats. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted Office file, resulting in a bypass security restrictions.
(CVE-2016-7267)

- An elevation of privilege vulnerability exists in Microsoft Office due to improper validation before loading libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2016-7275)

Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010; Microsoft Publisher 2010 Office Compatibility Pack; Excel Viewer; Word Viewer; Microsoft SharePoint Server 2007 and 2010; and Office Web Apps 2010.

High

9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)

9.2 (CVSS:3.0/E:H/RL:O/RC:C)

9.8

0.8709

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

II

Published: 2016/12/14, Modified: 2023/04/25

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4471.1000

An unsupported version of Microsoft .NET Core is installed on the remote host.

According to its version, the Microsoft .NET Core installed on the remote host is no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.

Upgrade to a version of Microsoft .NET Core that is currently supported.

Critical

10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2023/03/07, Modified: 2023/03/07

Path : C:\Program Files\dotnet\shared\Microsoft.NetCore.App\5.0.17\
Installed version : 5.0.17.31213
Security End of Life : May 9, 2022
Time since Security End of Life (Est.) : >= 3 years

The remote Windows host is affected by a security feature bypass vulnerability.

The version of ASP.NET Core installed on the remote Windows host is 8.0.x prior to 8.0.21, 9.0.x prior to 9.0.10, or 10.0.0-rc.1.25451.107. It is, therefore, affected by a security feature bypass vulnerability.
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Update .NET Core to version 8.0.21, 9.0.10, 10.0.0-rc.2.25502.107 or later.

High

9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)

10.0

0.0004

8.7 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:P)

I

Published: 2025/10/17, Modified: 2025/10/17

Path : C:\Program Files (x86)\dotnet\shared\Microsoft.AspNetCore.App\8.0.8
Installed version : 8.0.8
Fixed version : 8.0.21

Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.8
Installed version : 8.0.8
Fixed version : 8.0.21

The Microsoft Excel Products are missing a security update.

The Microsoft Excel Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0901)

Microsoft has released the following security updates to address this issue:
-KB4484365
-KB4484384
-KB4484338

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.

High

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.4586

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

5.5 (CVSS2#E:U/RL:OF/RC:C)

II

Published: 2020/05/12, Modified: 2022/06/10

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.5005.1000

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4993.1001

The Microsoft Office Products are affected by multiple vulnerabilities.

The Microsoft Office Products are missing security updates. They are, therefore, affected by multiple vulnerabilities:

- An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. (CVE-2019-1084)

- A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents. An attacker who successfully exploited this vulnerability could read or write information in Office documents. (CVE-2019-1109)

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.(CVE-2019-1111)

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory.
An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.
To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it.
An attacker must know the memory address location where the object was created. (CVE-2019-1112) The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.

Microsoft has released the following security updates to address this issue:
-KB4462224
-KB4464558
-KB4464543
-KB4018375
-KB4475514
-KB4464534
-KB4461539

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.

High

9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

7.9 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.2706

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

6.9 (CVSS2#E:U/RL:OF/RC:C)

Published: 2019/07/09, Modified: 2022/06/10

Product : Microsoft Office 2016
KB : 4464534
- C:\Program Files\Microsoft Office\Office16\osf.dll has not been patched.
Remote version : 16.0.4266.1001
Should be : 16.0.4873.1000

Product : Microsoft Office 2016
KB : 4475514
- C:\Program Files\Common Files\Microsoft Shared\Office16\mso99lwin32client.dll has not been patched.
Remote version : 16.0.4266.1001
Should be : 16.0.4873.1000

Product : Microsoft Office 2016
KB : 4461539
- C:\Program Files\Microsoft Office\Office16\graph.exe has not been patched.
Remote version : 16.0.4266.1001
Should be : 16.0.4873.1000

The Microsoft Office Products are affected by multiple vulnerabilities.

The Microsoft Office Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.
(CVE-2019-1402)

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1448)

- A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.
(CVE-2019-1449)

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2019-1446)

Microsoft has released the following security updates to address this issue:
-KB4484152
-KB4484160
-KB4484148
-KB4484127
-KB4484113
-KB4484119

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.3802

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

Published: 2019/11/12, Modified: 2022/06/10

Product : Microsoft Office 2016
KB : 4484148
- C:\Program Files\Microsoft Office\Office16\graph.exe has not been patched.
Remote version : 16.0.4266.1001
Should be : 16.0.4927.1000

Product : Microsoft Office 2016
KB : 4484113
- C:\Program Files\Common Files\Microsoft Shared\Office16\acecore.dll has not been patched.
Remote version : 16.0.4266.1001
Should be : 16.0.4927.1000

The Microsoft Word Products are missing a security update.

The Microsoft Word Products are missing a security update. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands.

Microsoft has released the following security updates to address this issue:
-KB5002316
-KB5002323

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.6

0.9115

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2023/02/14, Modified: 2023/05/11

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.5383.1000

The Microsoft Word Products are missing a security update.

The Microsoft Word Products are missing a security update. It is, therefore, affected by a security feature bypass vulnerability. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Microsoft has released the following security updates to address this issue:
-KB5002406
-KB5002411

Critical

9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)

8.3 (CVSS:3.0/E:U/RL:O/RC:C)

8.1

0.0105

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2023/07/11, Modified: 2023/08/11

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.5404.1000

The Microsoft Outlook application installed on the remote host is missing a security update.

The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.

Microsoft has released the following security updates to address this issue:
-KB5002265
-KB5002254

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.8

0.9364

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2023/03/14, Modified: 2023/06/16

Product : Outlook 2016
- C:\Program Files\Microsoft Office\Office16\Outlook.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.5387.1000

At least one improperly configured Windows service may have a privilege escalation vulnerability.

At least one Windows service executable with insecure permissions was detected on the remote host. Services configured to use an executable with weak permissions are vulnerable to privilege escalation attacks.
An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation.

This plugin checks if any of the following groups have permissions to modify executable files that are started by Windows services :

- Everyone
- Users
- Domain Users
- Authenticated Users

Ensure that the Everyone, Users, Domain Users and Authenticated Users groups do not have permissions to modify or write service executables. Additionally, ensure these groups do not have Full Control permission to any directories that contain service executables.

High

8.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published: 2013/03/06, Modified: 2025/03/14

Path : d:\nexsus\nexsus_patch\nexcommserver\nexsus.commserver.exe
Used by services : Nexsus Communication Server
File write allowed for groups : Users (S-1-5-32-545)
Full control of directory allowed for groups : Users (S-1-5-32-545)

Path : d:\nexsus\nexsus_patch\nexsus.maxdial.emailservice\nexsusemailservice.exe
Used by services : NexsusEmailService
File write allowed for groups : Users (S-1-5-32-545)
Full control of directory allowed for groups : Users (S-1-5-32-545)

Path : d:\nexsus\nexsus_patch\nexsus.maxdial.voicelogservice_web_lkp\nexsus.callbalancel.voicelogservice.exe
Used by services : CallBalanceClopsVoiceLogService_LKP
File write allowed for groups : Users (S-1-5-32-545)
Full control of directory allowed for groups : Users (S-1-5-32-545)

Path : d:\nexsus\nexsus_services\nexsus.maxdial.userstatusvalidator_web\nexsus.maxdial.userstatusvalidator.exe
Used by services : Nexsus.UserStatusValidatorWeb
File write allowed for groups : Users (S-1-5-32-545)
Full control of directory allowed for groups : Users (S-1-5-32-545)

Bad Shares :

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5053596. It is, therefore, affected by multiple vulnerabilities

- Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. (CVE-2025-26645)

- Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. (CVE-2025-24035, CVE-2025-24045)

- ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record's reference information. (CVE-2024-9157)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5053596

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

9.5

0.5654

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/03/11, Modified: 2025/09/17

The remote host is missing one of the following rollup KBs :
- 5053596

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6893
Should be : 10.0.17763.7009

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5055519. It is, therefore, affected by multiple vulnerabilities

- Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. (CVE-2025-26687)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-27481)
- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2025-27740)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5055519

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

8.4

0.2827

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/04/08, Modified: 2025/09/17

The remote host is missing one of the following rollup KBs :
- 5055519

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6893
Should be : 10.0.17763.7131

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5058392. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. (CVE-2025-29967)

- Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-29830, CVE-2025-29958, CVE-2025-29959)

- Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-29832, CVE-2025-29835, CVE-2025-29836, CVE-2025-29960, CVE-2025-29961)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5058392

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

8.1

0.2127

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/05/13, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5058392

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6893
Should be : 10.0.17763.7309

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5060531. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-33066)

- Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
(CVE-2025-33073)

- Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
(CVE-2025-32712)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5060531

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.7

0.5119

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true) Metasploit (true)

Published: 2025/06/10, Modified: 2025/10/21

The remote host is missing one of the following rollup KBs :
- 5060531

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6893
Should be : 10.0.17763.7434

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5062557. It is, therefore, affected by multiple vulnerabilities

- Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
(CVE-2025-49659)

- Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally. (CVE-2025-48799)

- Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. (CVE-2025-48820)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5062557

Medium

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

8.1

0.0055

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

5.0 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/07/08, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5062557

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6893
Should be : 10.0.17763.7558

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5065428. It is, therefore, affected by multiple vulnerabilities

- SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks:
Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server HardeningSMB Server Signing & SMB Server EPA. Adopt appropriate SMB Server hardening measures. (CVE-2025-55234)

- Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. (CVE-2025-49734)

- Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-53796, CVE-2025-53797, CVE-2025-53798, CVE-2025-53806)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5065428

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.7 (CVSS:3.0/E:U/RL:O/RC:C)

8.1

0.0073

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/09/09, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5065428

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6893
Should be : 10.0.17763.7786

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5068791. It is, therefore, affected by multiple vulnerabilities

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-60724, CVE-2025-60714, CVE-2025-60715, CVE-2025-62452)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information.
(CVE-2025-59509, CVE-2025-59513, CVE-2025-60706, CVE-2025-62208, CVE-2025-62209)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2025-59505, CVE-2025-59506, CVE-2025-59507, CVE-2025-59508, CVE-2025-59511, CVE-2025-59512, CVE-2025-59514, CVE-2025-59515, CVE-2025-60703, CVE-2025-60704, CVE-2025-60705, CVE-2025-60707, CVE-2025-60709, CVE-2025-60713, CVE-2025-60716, CVE-2025-60717, CVE-2025-60719, CVE-2025-60720, CVE-2025-62213, CVE-2025-62215, CVE-2025-62217)


Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5068791

Critical

7.0 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

6.5 (CVSS:3.0/E:F/RL:O/RC:C)

8.4

0.0009

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/11/11, Modified: 2025/11/14

The remote host is missing one of the following rollup KBs :
- 5068791

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6893
Should be : 10.0.17763.8024

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5071544. It is, therefore, affected by multiple vulnerabilities

- Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-62549)

- Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. (CVE-2025-62457)

- Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. (CVE-2025-62458)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5071544

Critical

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

7.2 (CVSS:3.0/E:F/RL:O/RC:C)

8.1

0.0821

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/12/09, Modified: 2025/12/17

The remote host is missing one of the following rollup KBs :
- 5071544

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6893
Should be : 10.0.17763.8146

Arbitrary code can be executed on the remote host through Microsoft XML Core Services.

The version of Microsoft XML Core Services installed on the remote Windows host is affected by multiple code execution vulnerabilities when visiting a specially crafted web page using Internet Explorer.

Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2, 8, 2012, Office 2003, 2007, Word Viewer, Office Compatibility Pack, Expression Web Service, Expression Web 2, SharePoint Server 2007 and Groove Server 2007.

High

6.7

0.6508

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

6.9 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2013/01/09, Modified: 2018/11/15

- C:\Program Files (x86)\Common Files\Microsoft Shared\Office11\Msxml5.dll has not been patched.
Remote version : 5.20.1072.0
Should be : 5.20.1099.0

The remote Windows host is affected by multiple remote code execution vulnerabilities.

The remote Windows host has a version of Microsoft Office, Word, Word Viewer, Excel, PowerPoint, Visio, SharePoint Server, Microsoft Office Compatibility Pack, Microsoft Word Web Apps, or Microsoft Office Web Apps installed that is affected by multiple remote code execution vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-1642, CVE-2015-2467, CVE-2015-2468, CVE-2015-2469, CVE-2015-2477)

- An information disclosure vulnerability exists when files at a medium integrity level become accessible to Internet Explorer running in Enhanced Protection Mode (EPM). An attacker can exploit this vulnerability by leveraging another vulnerability to execute code in IE with EPM, and then executing Excel, Notepad, PowerPoint, Visio, or Word using an unsafe command line parameter.
(CVE-2015-2423)

- A remote code execution vulnerability exists due a failure to properly validate templates. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted template file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-2466)

- A remote code execution vulnerability exists when Office decreases an integer value beyond its intended minimum value. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-2470)

Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016, SharePoint Server 2010, SharePoint Server 2013, Microsoft Office Compatibility Pack, Microsoft Word Web Apps 2010, and Microsoft Office Web Apps 2013.

High

8.9

0.7288

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

II

Published: 2015/08/12, Modified: 2023/02/16

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4288.1000

The remote Windows host is affected by multiple remote code execution vulnerabilities.

The remote Windows host has a version of Microsoft Office, Excel, Excel Viewer, SharePoint Server, Microsoft Office Compatibility Pack, Microsoft Office Web Apps, and/or Microsoft SharePoint Foundation installed that is affected by one or more of the following vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file in Microsoft Office, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-2520, CVE-2015-2521, CVE-2015-2523)

- A cross-site scripting vulnerability exists in SharePoint due to improper sanitization of user-supplied web requests. A remote attacker can exploit this vulnerability, via a specially crafted web request, to execute arbitrary script code in the context of the current user. (CVE-2015-2522)

- A remote code execution vulnerability exists in Microsoft Office due to improper handling of malformed graphics images. A remote attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing a specially crafted EPS image binary, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-2545)

Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016, SharePoint Server 2013, Microsoft Office Compatibility Pack, and Microsoft Office Web Apps 2013.

High

9.6

0.9345

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

II

Core Impact (true)

Published: 2015/09/09, Modified: 2022/03/08

Product : Microsoft Office 2016
KB : 3085635
- C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\epsimp32.flt has not been patched.
Remote version : 2012.1600.4266.1001
Should be : 2012.1600.4300.1002

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4288.1000

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host has a version of Microsoft Office, Excel, Excel Viewer, SharePoint Server, Microsoft Office Compatibility Pack, or Microsoft Office Web Apps installed that is affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-2555, CVE-2015-2557, CVE-2015-2558)

- An information disclosure vulnerability exists in the SharePoint InfoPath Forms Services due to improper parsing of document type definitions (DTD) in XML files.
A remote attacker can exploit this, via a crafted XML file, to browse the contents of arbitrary files on a SharePoint server. (CVE-2015-2556)

- A cross-site scripting vulnerability exists in Office Web Apps Server due to improper sanitization of crafted requests before returning it to the user. A remote attacker can exploit this to run arbitrary script code in the user's browser session. (CVE-2015-6037)

- A security feature bypass vulnerability exists in SharePoint due to improper enforcement of permission levels for applications or users. This allows Office Marketplace to inject JavaScript code that will persist in a SharePoint page. A remote attacker can exploit this to conduct a cross-site scripting attack, resulting in execution of arbitrary code in the user's browser session. (CVE-2015-6039)

Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016; SharePoint Server 2007, 2010, 2013; Microsoft Office Compatibility Pack SP3; Microsoft Excel Viewer; and Microsoft Office Web Apps 2010, 2013.

High

6.7

0.4303

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

6.9 (CVSS2#E:U/RL:OF/RC:C)

Published: 2015/10/13, Modified: 2018/07/30

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4288.1000

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host has a version of Microsoft Office, Access, Excel, InfoPath, OneNote, PowerPoint, Project, Publisher, Visio, Word, Excel Viewer, Word Viewer, SharePoint Server, Office Compatibility Pack, Office Web Apps, Skype for Business, or Lync installed that is affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-6038, CVE-2015-6091, CVE-2015-6092, CVE-2015-6093, CVE-2015-6094)

- An elevation of privilege vulnerability exists when an attacker instantiates an affected Office application via a COM control. An attacker who successfully exploits this vulnerability can gain elevated privileges and break out of the Internet Explorer sandbox.
(CVE-2015-2503)

Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016; SharePoint Server 2007, 2010, 2013; Office Compatibility Pack, Excel Viewer, Word Viewer, Office Web Apps 2010 and 2013, and Lync 2013 and 2016.

High

8.9

0.4348

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2015/11/10, Modified: 2023/02/17

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4300.1001

Product : OneNote 2016
- C:\Program Files\Microsoft Office\Office16\OneNote.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4300.1001

Product : PowerPoint 2016
- C:\Program Files\Microsoft Office\Office16\ppcore.dll has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4300.1001

Product : Publisher 2016
- C:\Program Files\Microsoft Office\Office16\Mspub.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4300.1000

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4300.1001

The remote Windows host is affected by multiple remote code execution vulnerabilities.

The remote Windows host has a version of Microsoft Office, Word, Word Viewer, Excel, Excel Viewer, or Microsoft Office Compatibility Pack installed that is affected by multiple remote code execution vulnerabilities :

- Multiple memory corruption issues exist due to improper handling of objects in memory. A remote attacker can exploit these issues by convincing a user to open a specially crafted file in an affected version of Office, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-6040, CVE-2015-6118, CVE-2015-6122, CVE-2015-6124, CVE-2015-6177)

- A remote code execution vulnerability exists due to improper parsing of email messages. A remote attacker can exploit this vulnerability by convincing a user to open or preview a specially crafted email message, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-6172)

Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016, Word, Word Viewer, Excel, Excel Viewer, and Microsoft Office Compatibility Pack.

High

8.9

0.3755

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2015/12/08, Modified: 2023/02/17

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4312.1001

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host has a version of Microsoft Office, Word, Word Viewer, Excel, Excel Viewer, PowerPoint, Visio, SharePoint, Visual Basic, or Microsoft Office Compatibility Pack installed that is affected by multiple vulnerabilities :

- Multiple cross-site scripting vulnerabilities exist in Microsoft SharePoint due to improper enforcement of Access Control Policy (ACP) configuration settings. A remote attacker can exploit these vulnerabilities, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2015-6117, CVE-2016-0011)

- Multiple remote code execution vulnerabilities exist in Microsoft Office due to improper handling of objects in memory. An attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file in Microsoft Office, resulting in execution of arbitrary code in the context of the current user. (CVE-2016-0010, CVE-2016-0035)

- An information disclosure vulnerability exists in Microsoft Office due to a failure to use the Address Space Layout Randomization (ASLR) security feature. An attacker can exploit this to predict memory offsets of specific instructions in a call stack. (CVE-2016-0012)

Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016, Word, Word Viewer, Excel, Excel Viewer, PowerPoint, Visio, SharePoint Server 2013, SharePoint Foundation 2013, Microsoft Office Compatibility Pack, and Visual Basic 6.0 Runtime.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.5962

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

6.9 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2016/01/12, Modified: 2023/02/17

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4324.1001

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4324.1000

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host has a version of Microsoft Office, Word, Word Viewer, Excel, Excel Viewer, SharePoint, Microsoft Office Compatibility Pack, or Office Web Apps installed that is affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file in Microsoft Office, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0022, CVE-2016-0052, CVE-2016-0053, CVE-2016-0054, CVE-2016-0055, CVE-2015-0056)

- A cross-site scripting vulnerability exists in SharePoint due to improper sanitization of specially crafted web requests. An authenticated, remote attacker can exploit this, via a specially crafted web request, to execute arbitrary script code in a user's browser session. (CVE-2016-0039)

Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, and 2016; Word, Word Viewer, Excel, Excel Viewer; SharePoint Server 2007, 2010, and 2013; SharePoint Foundation 2013, Microsoft Office Compatibility Pack, and Office Web Apps.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.5 (CVSS:3.0/E:H/RL:O/RC:C)

8.9

0.3152

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

II

Published: 2016/02/09, Modified: 2023/02/17

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4339.1000

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4339.1000

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host has a version of Microsoft Office, Office Compatibility Pack, Office Web Apps, Microsoft SharePoint, Microsoft Word, or Word Viewer installed that is affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to improper handling of objects in memory. An attacker can exploit these, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2016-0021, CVE-2016-0134)

- A security feature bypass vulnerability exists in Microsoft Office software due to an improperly signed binary file. An attacker with write access to the target host can exploit this, by overwriting the file with a malicious binary with a similar configuration, to execute arbitrary code. (CVE-2016-0057).

Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft InfoPath 2007, 2010 and 2013; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Word Viewer; SharePoint Server 2010 and 2013; Microsoft Office Compatibility Pack; and Office Web Apps 2010 and 2013.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.5 (CVSS:3.0/E:H/RL:O/RC:C)

9.4

0.4852

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

II

Published: 2016/03/08, Modified: 2023/02/17

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4351.1001

An application installed on the remote Windows host is affected by multiple remote code execution vulnerabilities.

The version of Microsoft Office installed on the remote Windows host is affected by multiple remote code execution vulnerabilities due to improper handling of objects in memory. A remote attacker can exploit these issues by convincing a user to open a specially crafted file in Microsoft Office, resulting in the execution of arbitrary code in the context of the current user.

Microsoft has released a set of patches for Microsoft Office 2010;
Microsoft Word 2007, 2010, 2013, and 2013 RT; Microsoft Excel 2007, 2010, 2013, 2013 RT, and 2016; Word Viewer; Excel Viewer; SharePoint Server 2007, 2010, and 2013; Microsoft Office Compatibility Pack; and Office Web Apps 2010 and 2013.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.5 (CVSS:3.0/E:H/RL:O/RC:C)

8.9

0.4064

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

II

Published: 2016/04/12, Modified: 2023/02/17

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4366.1000

An application installed on the remote Windows host is affected by multiple remote code execution vulnerabilities.

The version of Microsoft Office installed on the remote Windows host is affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website or open a specially crafted file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0126, CVE-2016-0140, CVE-2016-0198)

- A remote code execution vulnerability exists in the Windows Font library due to improper handling of embedded fonts. An unauthenticated, remote attacker can exploit this by convincing a user to visit a specially crafted website or open a specially crafted file, resulting in the execution arbitrary code in the context of the current user. (CVE-2016-0183)

Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Word Viewer; Microsoft Office Compatibility Pack;
Office Web Apps 2010; and Microsoft SharePoint Server 2010.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

8.9

0.4037

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

6.9 (CVSS2#E:U/RL:OF/RC:C)

II

Published: 2016/05/10, Modified: 2023/02/17

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4378.1001

An application installed on the remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in Microsoft Office :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these by convincing a user to open a specially crafted file or visit a website that hosts such a file, resulting in the execution of arbitrary code in the context of the user.
(CVE-2016-0025, CVE-2016-3233)

- A flaw exists due to improper disclosure of memory contents. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted file, resulting in the disclosure of potentially sensitive information. (CVE-2016-3234)

- A flaw exists due to improper validation of input before loading OLE library files. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code. (CVE-2016-3235)

Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007 and 2010; Microsoft Visio 2007, 2010, 2013, and 2016; Visio Viewer 2007 and 2010; Word Viewer;
Microsoft Office Compatibility Pack; Office Web Apps 2010 and 2013;
Microsoft SharePoint Server 2010 and 2013; and Office Online Server.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.5 (CVSS:3.0/E:H/RL:O/RC:C)

8.9

0.8116

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

II