Risk Elimination from EOS Microsoft Office vulnerabilities
End of Support for Office 2013
Support for Office 2013 ended on April 11, 2023 and there will be no extension and no extended security updates.
End of Support for Office 2016 and Office 2019
Support for Office 2016 and Office 2019 will end on October 14, 2025 and there will be no extension and no extended security updates.
Challenge
Office 2013 is affected by multiple CISA KEVs but cannot be patched, leaving known exploited vulnerabilities active.
Even Office 2016 is nearing end-of-life, and some vulnerabilities require manual patching or aren’t covered by auto-update channels.
The lack of Microsoft support means that any security flaws discovered in the future will remain unaddressed, potentially compromising sensitive data and system integrity.
Detecting These Vulnerabilities in VMDR
The official CISA KEV catalog lists 14 CVEs confirmed to affect Office 2013 SP1 and/or Office 2016.
You can use the following query (QQL) to detect the associated CISA KEVs:
vulnerabilities.vulnerability.cveIds:[CVE-2017-11882,CVE-2018-0802,CVE-2018-0798,CVE-2019-0541,CVE-2021-27059,CVE-2021-38646,CVE-2021-42292,CVE-2017-8570,CVE-2017-0262,CVE-2017-0261,CVE-2017-0199,CVE-2015-2545,CVE-2017-11826,CVE-2019-1297]
Recommended Action Plan by Qualys TruRisk™ Eliminate
Immediate Removal of Office 2013 and 2016 from all production systems.
Microsoft provides an official tool, the Support and Recovery Assistant (SaRA), with a documented scenario called OfficeScrubScenario, which is designed to “Remove any version of Office from a device, including Office 2013 and Office 2016.”
How Does TruRisk™ Eliminate Help?
Qualys TruRisk™ Eliminate capabilities include Custom Assessment and Remediation (CAR), which allows you to create and execute custom scripts across assets in your environment.
CAR comes with a Script Library where one of the categories is “Eliminate Actions” which includes the out-of-the-box script for uninstallation of Office 2013 and 2016.
All you need to do is import the script and execute it.
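The host-side work that such a remediation script performs, as an added example written for this post (it is not Qualys' CAR script and not Microsoft's code): it inventories Office 2013/2016 installs from the Windows uninstall registry keys, marks them against the end-of-support dates stated above, and optionally hands removal to SaRA's OfficeScrubScenario. The SaRAcmd.exe location and the exact command-line switches are assumptions to confirm against Microsoft's SaRA command-line documentation before use.

```powershell
# Added example (not from the Qualys post): inventory Office 2013/2016 installs
# on a Windows host, flag them as end-of-support, optionally remove via SaRA.
param(
    [switch]$Remove,
    # Assumed location of the extracted enterprise SaRA package
    [string]$SaRAPath = 'C:\SaRA\SaRAcmd.exe'
)

# End-of-support dates as stated in the post
$Eos = @{ '2013' = [datetime]'2023-04-11'; '2016' = [datetime]'2025-10-14' }

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Match on DisplayName, not DisplayVersion alone: Office 2016, 2019 and
# Microsoft 365 Apps all report a 16.x build, so the version number is ambiguous.
$Findings = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^Microsoft Office .*\b(2013|2016)\b' } |
    ForEach-Object {
        $Year = [regex]::Match($_.DisplayName, '\b(2013|2016)\b').Value
        [pscustomobject]@{
            Product         = $_.DisplayName
            Version         = $_.DisplayVersion
            OfficeYear      = $Year
            EndOfSupport    = $Eos[$Year].ToString('yyyy-MM-dd')
            OutOfSupport    = (Get-Date) -gt $Eos[$Year]
            UninstallString = $_.UninstallString
        }
    }

if (-not $Findings) { Write-Output 'No Office 2013/2016 installation found.'; return }
$Findings | Format-Table Product, Version, EndOfSupport, OutOfSupport -AutoSize

if ($Remove) {
    if (-not (Test-Path $SaRAPath)) { throw "SaRAcmd.exe not found at $SaRAPath" }
    foreach ($Year in ($Findings.OfficeYear | Sort-Object -Unique)) {
        # OfficeScrubScenario is the documented SaRA scenario for removing Office.
        # Switch names/values are assumed; verify against Microsoft's SaRA docs.
        & $SaRAPath -S OfficeScrubScenario -AcceptEula -CloseOffice -OfficeVersion $Year
    }
}
```

Run it without `-Remove` first to review the inventory; a reboot is typically required after the scrub completes before the uninstall keys reflect the new state.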

Conclusion
Qualys TruRisk™ Eliminate offers a comprehensive risk reduction solution with patch management, mitigation, isolation, custom remediation, and software installation/uninstallation options to proactively address nearly 100% of CISA KEVs and ransomware vulnerabilities.
