We have been alerted to an issue with some Microsoft Office products. The vulnerability is reported to be actively exploited and we expect Microsoft will expedite the release of fixes.
Zero-day means that this is an immediate high risk and we are advised that it is already being exploited.
Who is impacted?
- Microsoft Office 2016 for 32-bit and 64-bit editions
- Microsoft Office LTSC 2021 for 32-bit and 64-bit editions
- Microsoft 365 Apps for Enterprise for 32-bit and 64-bit systems
- Microsoft Office 2019 for 32-bit and 64-bit editions
What needs to happen?
There are three recommended courses of action. Kinetics is focusing on the firewall recommendation as it has the low probability of a negative impact. This recommendation is to block an outbound port on all firewalls. The possible impact would be that access to Azure file shares (that is not SharePoint) may fail. We have already tested this on our system, with no negative results. If you do use Azure file shares, there will be other steps we can take.
We expect the change to take an hour of engineering time per firewall.
How are Kinetics progressing this?
A team is currently working through all our KARE clients. We are starting with those who are supplied a firewall through us, then those who we patch manage firewalls for. After that it will be all remaining KARE clients.
As soon as patches are available we will be deploying those across all clients with KARE Foundation, and those left on the older “Core Fundamentals” and “Premium KARE” plans.
Those clients that are not on a KARE agreement, please contact requsets@kinetics.co.nz or your account manager.
FAQ: If I wait for the patch, do I need the firewall change?
We recommend the firewall change. We are adding it to our default configuration. This will help protect against future events of a similar type. UIt is not expensive to make the change (an hour maximum) and is sensible in this situation.
FAQ: What other protection do I have?
KARE Foundation clients have many layers of protection. Our browser security uses AI to look for websites that maybe compromised. Foundation clients also have our EDR which will also be looking for signs of nefarious activity
We will continue to monitor the security threads on this matter.