False Positives - Office 2021 LTSC


retroisbest

Sep 27, 2024, 4:01:28 AM
to Wazuh | Mailing List
Good afternoon,

We are seeing quite a few Office-related CVEs and would like to investigate them further to check if they are false positives.

The one CVE I'm going to investigate first is CVE-2023-33150.

All of my clients are running the Wazuh agent version 4.9.0
Wazuh Manager is also 4.9.0

I have recently deployed Office 2021 LTSC Build number = 14332.20771 Version = 2108


The Microsoft article for this CVE shows there is an update for Office 2021 LTSC
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33150

The update notes for the Office 2021 LTSC
https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates

This is for the patch that was released on September the 10th which is the exact same version and build number of my deployed Office.

Is this a false positive?
Are there any steps I can take to resolve this logged CVE?





I'm also seeing the following CVEs related to the above Office 2021 package:

CVE-1999-0794
CVE-2006-1311
CVE-2021-42293
CVE-2021-42295
CVE-2021-42296
CVE-2021-43255
CVE-2021-43256
CVE-2021-43875
CVE-2022-21840
CVE-2022-21841
CVE-2022-24461
CVE-2022-24462
CVE-2022-24473
CVE-2022-24509
CVE-2022-24510
CVE-2022-24511
CVE-2022-26901
CVE-2022-29107
CVE-2022-29109
CVE-2022-41060
CVE-2022-41061
CVE-2022-41063
CVE-2022-41103
CVE-2022-41104
CVE-2022-41105

... and many more! (Shall I continue posting the CVE IDs?)
The Package name is showing as "Microsoft Office LTSC Professional Plus 2021 - en-us"

and package.version = "16.0.14332.20771"

Thanks!


Md. Nazmur Sakib

Sep 27, 2024, 5:59:52 AM
to Wazuh | Mailing List

Hi Retroisbest,

It seems like a false positive.
I believe this is due to the NVD feed

https://nvd.nist.gov/vuln/detail/CVE-2023-33150

But it seems to be a false positive to me based on MSU

https://msrc.microsoft.com/update-guide/en-us/advisory/CVE-2023-33150

https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates

I suggest you report the issue on GitHub; the responsible team will check and perform the necessary sanitization of the feed.
https://github.com/wazuh/wazuh/issues/new/choose



You can check this for example.
https://github.com/wazuh/wazuh/issues/25887

If you need further assistance creating the issue on GitHub or if you want me to create the issue for you let me know.

I hope you find this information useful.