PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-21840 Microsoft CVE debrief

CVE-2022-21840 is a remote code execution vulnerability in Microsoft Office, published by NVD on 2022-01-11 and last modified on 2026-05-19. It carries a CVSS 3.1 base score of 8.8 (HIGH): network attack vector, low attack complexity, no privileges required, user interaction required, and high impact to confidentiality, integrity, and availability. Affected products include multiple versions of Microsoft Excel 2013 SP1, Excel 2016, Office 2013 SP1, Office 2016, Office 2019, Office LTSC 2021, Office Online Server, Office Web Apps 2013 SP1, and SharePoint Server 2013 SP1, 2016, 2019, and Subscription Edition across x64, x86, macOS, and RT platforms. Microsoft has published security guidance for this vulnerability. The weakness is classified as NVD-CWE-noinfo, meaning NVD has not assigned a specific CWE. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

Vendor: Microsoft
Product: Microsoft SharePoint Enterprise Server 2016
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2022-01-11
Original CVE updated: 2026-05-19
Advisory published: 2022-01-11
Advisory updated: 2026-05-19

Who should care

Organizations running Microsoft Office 2013 SP1, 2016, 2019, or Office LTSC 2021; administrators of SharePoint Server 2013, 2016, 2019, or Subscription Edition; security teams responsible for endpoint protection and patch management; and users who regularly handle Office documents from external sources.

Technical summary

This vulnerability allows remote code execution through Microsoft Office products. The attack requires user interaction, typically through opening a maliciously crafted Office document. Successful exploitation could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability affects a broad range of Microsoft Office and SharePoint products across multiple versions and platforms including Windows x64/x86, macOS, and RT.

Defensive priority

High

Recommended defensive actions

  • Apply Microsoft security updates for affected Office and SharePoint products as referenced in Microsoft Security Response Center guidance
  • Prioritize patching systems running Office 2013 SP1, Office 2016, Office 2019, Office LTSC 2021, and SharePoint Server versions listed in affected products
  • Review and implement Microsoft security configuration recommendations for Office document handling
  • Consider enabling Protected View or Application Guard for Office to reduce attack surface from untrusted documents
  • Monitor for suspicious Office document activity and user reports of unexpected behavior when opening files

Evidence notes

CVE published 2022-01-11; modified 2026-05-19. CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Affected product list derived from NVD CPE criteria. Not present in CISA KEV as of source data.

Official resources

Microsoft disclosed this vulnerability as part of their January 2022 security updates.