Share via

Security Updates about CVE-2024-21413 msrc.microsoft.com Questions about vulnerability descriptions

Anonymous
2024-02-16T01:27:08+00:00

hello

I'm checking out this new vulnerability

I have a question about the CVE-2024-21413 vulnerability page.

On the https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-21413 page

Release date Product Platform Impact Max Severity Article Download Build Number
Feb 13, 2024 Microsoft Office 2016 (64-bit edition) Remote Code Execution Critical 5002537 Security Update 16.0.5435.1001
Feb 13, 2024 Microsoft Office 2016 (64-bit edition) Remote Code Execution Critical 5002467 Security Update 16.0.5435.1001
Feb 13, 2024 Microsoft Office 2016 (64-bit edition) Remote Code Execution Critical 5002522 Security Update 16.0.5435.1001
Feb 13, 2024 Microsoft Office 2016 (64-bit edition) Remote Code Execution Critical 5002519 Security Update 16.0.5435.1000
Feb 13, 2024 Microsoft Office 2016 (32-bit edition) Remote Code Execution Critical 5002537 Security Update 16.0.5435.1001
Feb 13, 2024 Microsoft Office 2016 (32-bit edition) Remote Code Execution Critical 5002467 Security Update 16.0.5435.1001
Feb 13, 2024 Microsoft Office 2016 (32-bit edition) Remote Code Execution Critical 5002522 Security Update 16.0.5435.1001
Feb 13, 2024 Microsoft Office 2016 (32-bit edition) Remote Code Execution Critical 5002519 Security Update 16.0.5435.1000
Feb 13, 2024 Microsoft Office LTSC 2021 for 32-bit editions Remote Code Execution Critical Click to Run Security Update https://aka.ms/OfficeSecurityReleases
Feb 13, 2024 Microsoft Office LTSC 2021 for 64-bit editions Remote Code Execution Critical Click to Run Security Update https://aka.ms/OfficeSecurityReleases
Feb 13, 2024 Microsoft 365 Apps for Enterprise for 64-bit Systems Remote Code Execution Critical Click to Run Security Update https://aka.ms/OfficeSecurityReleases
Feb 13, 2024 Microsoft 365 Apps for Enterprise for 32-bit Systems Remote Code Execution Critical Click to Run Security Update https://aka.ms/OfficeSecurityReleases
Feb 13, 2024 Microsoft Office 2019 for 64-bit editions Remote Code Execution Critical Click to Run Security Update https://aka.ms/OfficeSecurityReleases
Feb 13, 2024 Microsoft Office 2019 for 32-bit editions Remote Code Execution Critical Click to Run Security Update https://aka.ms/OfficeSecurityReleases

Some of the products are listed as Article | Download | Build Number as shown in the table below (office 2016)

Some products do not have an Article | Download link and the Build Number value is https://aka.ms/OfficeSecurityReleases.

The path to Article | Click to Run is the same for all of them, and there is no security updates link.

Are the rest of the products besides Office 2016 not publishing the Article KB but only the Build Number?

Or are they just not patched yet? I'm curious.

Will the MS February patch and Office auto-update fix the vulnerability?

Thanks.

Outlook | Windows | Classic Outlook for Windows | For home

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-02-23T02:10:10+00:00

    Hi AlexChen

    Thank you so much for your reply, I've been waiting for it.

    Your explanation of Click-to-Run technology is well understood.

    I have a couple of questions about that.

    1. do you mean that the Click-to-Run process will automatically update in the background?
    • Or are you saying that MS will force patching for security purposes even if there is no update behavior,

    such as periodically updating when the PC is turned off?

    1. when windows update, it also updates office products. Do I need to enable the option to automatically update the above?
    2. is this the same in a network environment where a WSUS server is deployed?

    If you don't understand the theory, please don't hesitate to explain.

    I feel comfortable getting answers through the MS community.

    Thank you MS.

    1 person found this answer helpful.
    0 comments
  2. Anonymous
    2024-02-22T08:39:36+00:00

    Hello!

    Good day!

    Thank you for reaching out to Microsoft support.

    The reason why some products do not have an Article or Download link is because they are updated through Click-to-Run technology, which means that the updates are automatically downloaded and installed in the background without the need for user intervention.

    As for the vulnerability, the security updates released on February 13, 2024, should fix the issue. We highly recommend that you keep your Microsoft products up to date to ensure that you are protected from any potential security threats. If you have any further questions or concerns, please don't hesitate to ask.

    Sincerely,

    Microsoft Community Moderator.

    0 comments
  3. Anonymous
    2024-02-21T13:53:36+00:00

    Hi,

    Do you have any updates on this? Why download link is not available for Microsoft 365 Applications? Will this download automatically on Microsoft 365 Applications?

    0 comments
  4. Anonymous
    2024-02-16T04:08:05+00:00

    Will automatic patchups fix the vulnerability?

    Will the answer be replied to here again?

    0 comments
  5. Anonymous
    2024-02-16T02:56:42+00:00

    Hi,

    Good day!

    Thank you for posting to Microsoft Community. We are glad to assist.

    We are looking into your situation, and we will update the thread accordingly.

    Appreciate your patience and understanding and thank you for your time and cooperation.

    Sincerely,

    Microsoft Community Moderator.

    0 comments