Arrived! The first Office bug fixes for 2021

Office for Mere Mortals
Your beginners guide to the secrets of Microsoft Office
Invalid email address
Tips and help for Word, Excel, PowerPoint and Outlook from Microsoft Office experts.  Give it a try. You can unsubscribe at any time.  Office for Mere Mortals has been running for over 20 years, we've never, ever revealed or sold subscriber details.  Privacy policy

Microsoft announced 83 security bug fixes for January 2021, the count is really 96 once you add the Edge browser patches from last week.

At first look, it seems there’s only five Office related patches including two each for Word and Excel.  

It’s important to keep both Office and the underlying operating system patched. The Office patches are just the tip of the proverbial iceberg. Many of the other security holes in Windows components are accessed by hacked Office documents.

Defender security hole

The notable security hole is CVE-2021-1648 which is very serious no matter how much Microsoft tries to downplay it. 

It’s a security lapse in Microsoft Defender, the anti-virus system itself which allows hackers to run remote code on an infected computer. 

This exploit has been seen ‘in the wild’ and could be adapted to more serious attacks.  Microsoft has managed, in its usual self-serving analysis, to rate this as merely ‘Proof of Concept’ and not exploited (using a very narrow definition of ‘exploited’).

Windows Defender / Malware Protection Engine should update automatically in Windows 10. 8.1 and server editions. If you want to make sure, go to Windows Update and click Check for Updates.

Office software security patches

Here are the January 2021 Office related patches. All supported versions of Word & Excel for Windows and Mac are affected.  (Office 365 for Mac isn’t specifically mentioned though Office 2019 for Mac is)

Office

CVE-2021-1711 
Office for Windows 365, 2019, 2016, 2013 and 2010

Excel

CVE-2021-1713             
Excel for Windows 365, 2019, 2016, 2013 and 2010.
Excel 2019 for Mac.

CVE-2021-1714             
Excel for Windows 365, 2019, 2016, 2013 and 2010.
Excel 2019 for Mac.

Word

CVE-2021-1715 
Word 365, 2019, 2016, 2013 and 2010.
Word 2019 for Mac.

CVE-2021-1716             
Word 365, 2019, 2016, 2013 and 2010.
Word 2019 for Mac.