First published: Tue Nov 08 2022(Updated: )
Microsoft Word Information Disclosure Vulnerability
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft 365 Apps for Enterprise | ||
Microsoft Office 2019 for 32-bit editions | ||
Microsoft Office 2019 for 64-bit editions | ||
Microsoft Office LTSC 2021 for 32-bit editions | ||
Microsoft 365 Apps for Enterprise | ||
Microsoft Office LTSC 2021 for 64-bit editions | ||
Microsoft Word 2013 RT | ||
Microsoft 365 Apps | ||
Microsoft Office | =2019 | |
Microsoft Office | =2021 | |
Microsoft Office Online Server | ||
Microsoft Office Web Apps Server | =2013-sp1 | |
Microsoft SharePoint Enterprise Server | =2013-sp1 | |
Microsoft SharePoint Enterprise Server | =2016 | |
Microsoft SharePoint Server | ||
Microsoft SharePoint Server | =2019 | |
Microsoft Word | =2013-sp1 | |
Microsoft Word | =2013-sp1 | |
Microsoft Word | =2016 | |
Microsoft SharePoint Server Subscription Edition Language Pack | ||
Microsoft Word 2013 | ||
Microsoft Word 2013 | ||
Microsoft SharePoint Enterprise Server 2013 | ||
Microsoft SharePoint Server 2019 | ||
Microsoft Word 2016 | ||
Microsoft Word 2016 | ||
Microsoft Office Online Server | ||
Microsoft Office Web Apps Server 2013 | ||
Microsoft SharePoint Enterprise Server 2016 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-41060 is a vulnerability in Microsoft Word that allows for information disclosure.
CVE-2022-41060 has a severity rating of 5.5, which is considered high.
The following products are affected by CVE-2022-41060: SharePoint Enterprise Server 2016, Office LTSC 2021 for 64-bit editions, Office Online Server, Word 2013, Word 2016, Word 2013 RT, SharePoint Enterprise Server 2013, Office Web Apps Server 2013, SharePoint Server Subscription Edition Language Pack, SharePoint Server 2019, Office 2019 for 32-bit editions, Office 2019 for 64-bit editions, Office LTSC 2021 for 32-bit editions, 365 Apps for Enterprise, Microsoft Office LTSC for Mac 2021, Microsoft Office, Microsoft Office Online Server, Microsoft Office Web Apps Server, Microsoft SharePoint Enterprise Server, Microsoft SharePoint Server, and Microsoft Word.
To fix CVE-2022-41060, apply the relevant patches or updates provided by Microsoft for the affected software products.
More information about CVE-2022-41060 can be found at the Microsoft Security Response Center: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41060](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41060)