CVE-2021-41368 : Security Advisory and Response

Microsoft Access Remote Code Execution Vulnerability was published on November 10, 2021, with a CVSS base score of 6.1.

Understanding CVE-2021-41368

This CVE involves a Remote Code Execution vulnerability affecting multiple versions of Microsoft Office.

What is CVE-2021-41368?

The CVE-2021-41368 is a Remote Code Execution vulnerability in Microsoft Access, allowing attackers to execute arbitrary code remotely.

The Impact of CVE-2021-41368

The vulnerability has a CVSS base score of 6.1 (Medium severity), posing a risk of unauthorized code execution on affected systems.

Technical Details of CVE-2021-41368

This section provides specific technical details of the vulnerability.

Vulnerability Description

Type: Remote Code Execution
CVSS Base Score: 6.1 (Medium)
Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C

Affected Systems and Versions

The following Microsoft products are impacted:

Microsoft Office LTSC 2021 (16.0.1)
Microsoft Office 2019 (19.0.0)
Microsoft 365 Apps for Enterprise (16.0.1)
Microsoft Office 2016 (16.0.0)
Microsoft Office 2013 SP1 (15.0.0)

Exploitation Mechanism

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: High
Availability: None
Enhanced User Interaction: Unchanged
Remediation Level: Official Fix
Report Confidence: Confirmed

Mitigation and Prevention

Protect your systems from CVE-2021-41368 by following the steps below.

Immediate Steps to Take

Apply security updates provided by Microsoft.
Disable ActiveX controls in Access.
Exercise caution when opening Access files from untrusted sources.

Long-Term Security Practices

Regularly update Microsoft Office products.
Implement strong password policies and access controls.
Educate users on safe computing practices.

Patching and Updates

Visit the Microsoft Security site for the latest security updates and patches.