Critical zero day Microsoft Office environment vulnerability

Harika Anasuya 21 Reputation points
2022-06-12T05:11:02.807+00:00

Hi Team,

We are using Windows Server 2016 OS with the following office versions:

  1. Microsoft Office Standard 2016
  2. Microsoft 365 Apps for Enterprise

Could you please suggest if the above versions are impacted to this vulnerability. If yes, please suggest the remediation action for it?

Regards,
Harika

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,662 questions
Excel Management
Excel Management
Excel: A family of Microsoft spreadsheet software with tools for analyzing, charting, and communicating data.Management: The act or process of organizing, handling, directing or controlling something.
1,756 questions
{count} votes

Accepted answer
  1. Limitless Technology 39,796 Reputation points
    2022-06-14T07:37:57.033+00:00

    Hello

    Thank you for your question and reaching out. I can understand you are having query related to impacted to this vulnerability.

    The MSDT URL protocol is available in Windows Server 2019 & Windows 10 version 1809 and later supported versions of Windows. The registry key mentioned in the workaround section will not exist in earlier supported versions of Windows, so the workaround is not required.

    Reference :

    https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/

    -------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--

    1 person found this answer helpful.
    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Emi Zhang-MSFT 27,476 Reputation points Microsoft Vendor
    2022-06-13T03:14:35.097+00:00

    Hi @Harika Anasuya ,
    As this artricle said, "The vulnerability continued to exist in Office 2013 and 2016" and "only older Office versions seem to be affected. The current version of the Microsoft Office suite, as well as the packages from the Insider Channel, apparently prevent the exploit from being used. ". It is recommended to refer to this article:
    https://basic-tutorials.com/news/critical-zero-day-vulnerability-discovered-in-microsoft-office/

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  2. Harika Anasuya 21 Reputation points
    2022-06-21T09:13:35.763+00:00

    Thank you both.

    So, can you confirm once again as we are using older versions, there is no registry key present. So, I can say no impact on these windows server office versions right?

    Regards,
    Harika


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.