Sep 2021: Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2021-38646 Published on September 15, 2021
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Known Exploited Vulnerability
This Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.
The following remediation steps are recommended / required by April 18, 2022: Apply updates per vendor instructions.
Products Associated with CVE-2021-38646
stack.watch emails you whenever new vulnerabilities are published in Microsoft 365 Apps or Microsoft Office. Just hit a watch button to start following.
Affected Versions
Microsoft Office 2019:- Version 19.0.0 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 16.0.0 and below 5215.1000 is affected.
- Version 15.0.0 and below 5381.1000 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.