PatchSiren cyber security CVE debrief
CVE-2022-41104 Microsoft CVE debrief
A security feature bypass vulnerability in Microsoft Excel allows an attacker to circumvent security protections when a user opens a maliciously crafted file. The vulnerability requires local access and user interaction, with a medium severity CVSS 3.1 score of 5.5. Affected products include Microsoft 365 Apps for Enterprise, Excel 2013 SP1 (including RT), Excel 2016, Office 2019, and Office LTSC 2021. Microsoft released security updates addressing this vulnerability in November 2022. Organizations should apply available patches and follow Microsoft's guidance for update deployment.
- Vendor: Microsoft
- Product: Microsoft Office 2019
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2022-11-09
- Original CVE updated: 2026-05-19
- Advisory published: 2022-11-09
- Advisory updated: 2026-05-19
Who should care
Organizations running affected Microsoft Excel and Office versions, particularly those with users who regularly open external documents. Security teams responsible for Office patch management and endpoint protection. Compliance teams tracking vulnerability remediation timelines for productivity software.
Technical summary
CVE-2022-41104 is a security feature bypass vulnerability in Microsoft Excel with CVSS 3.1 score 5.5 (MEDIUM). The attack vector is local (AV:L) with low attack complexity (AC:L), requiring no privileges (PR:N) but user interaction (UI:R). Successful exploitation results in high confidentiality impact (C:H) with no integrity or availability impact. The vulnerability affects Microsoft 365 Apps for Enterprise, Excel 2013 SP1 (including RT), Excel 2016, Office 2019, and Office LTSC 2021. Microsoft released security updates in November 2022. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
Defensive priority
medium
Recommended defensive actions
- Apply Microsoft security updates for affected Excel and Office versions per MSRC guidance
- Review Microsoft Update Guide for deployment prioritization and additional mitigation options
- Ensure endpoint protection solutions are updated to detect malicious Excel files
- Educate users on risks of opening untrusted Office documents from external sources
- Verify patch deployment across all affected product versions: Excel 2013 SP1 (including RT), Excel 2016, Office 2019, Microsoft 365 Apps for Enterprise, and Office LTSC 2021
Evidence notes
CVE published 2022-11-09 by NVD. Microsoft Security Response Center (MSRC) guidance available. CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. Not listed in CISA KEV catalog.
Official resources
- CVE-2022-41104 CVE record (CVE.org)
- CVE-2022-41104 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: public