{"@odata.context":"https://api.msrc.microsoft.com/sug/v2.0/en-US/$metadata#vulnerability/$entity","id":"00000000-0000-0000-0000-000002cdce41","releaseDate":"2021-04-13T07:00:00Z","cveNumber":"CVE-2021-28449","cveTitle":"Microsoft Office Remote Code Execution Vulnerability","releaseNumber":"2021-Apr","vulnType":"Security Vulnerability","latestRevisionDate":"2021-04-27T07:00:00Z","cweList":[],"mitreText":"CVE-2021-28449","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2021-28449","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":2,"olderSoftwareRelease":"Exploitation Less Likely","denialOfService":"N/A","tag":"Microsoft Office Excel","issuingCna":"Microsoft","severityId":0,"impactId":0,"langCode":"en-US","baseScore":"7.8","temporalScore":"7.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","isMariner":false,"articles":[{"articleType":"FAQ","description":"
Is the Preview Pane an attack vector for this vulnerability?
\nNo, the Preview Pane is not an attack vector.
\n","ordinal":10000},{"articleType":"FAQ","description":"Why am I receiving notifications during file load?
\nSome Office files, templates, or add-ins (even ones originally obtained from Microsoft) may display a notification message. Macros, or add-ins, in those files have been disabled. Please see Side effects after you apply April 2021 security updates for Office for more information.
\nI'm running Office 2010 or Office 2013. Why are my add-ins such as Solver and Analysis ToolPak appearing in a different language after installing this update?
\nThis behavior is expected after installing these updates. Please see Side effects after you apply April 2021 security updates for Office to learn the steps in order to display the desired language.
\nI'm running Office 2007. How do I protect myself?
\nMicrosoft Office 2007 reached end of support on October 10, 2017. To stay supported, you will need to upgrade to a supported version of Office. If upgrading is not feasible, applying the following mitigations can help protect your system; however, they will disable multiple features in Microsoft Office. To mitigate the vulnerability, all of the following modifications must be made:
\nRemove all Trusted Publishers: See Plan security settings for ActiveX controls, add-ins, and macros in the 2007 Office system for more information.
\nDisable VBA for Office: See How to turn off Visual Basic for Applications when you deploy Office
\nIn addition, for each Microsoft Office 2007 Application, disable the following:
\nInformation published.
\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"5de4a752-9286-eb11-a838-000d3a6d3364"},{"cveNumber":"CVE-2021-28449","version":1.1,"revisionDate":"2021-04-27T07:00:00Z","initialDate":"0001-01-01T00:00:00Z","description":"Updated acknowledgment.
\n","unformattedDescription":"Updated acknowledgment.","notificationNeeded":false,"notificationSent":false,"sourceId":"bcac7a4b-7da7-eb11-a83e-000d3a6d3364"}]}