CVE-2021-1711: 
vulnerability analysis and mitigation

Microsoft Office Remote Code Execution Vulnerability (CVE-2021-1711) was disclosed on January 12, 2021. This vulnerability affects various versions of Microsoft Office including Office 2016, Office 2013, Office 2010, and Microsoft 365 Apps Enterprise editions for both x86 and x64 architectures (NVD, Microsoft Support).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required. Under CVSS v2.0, it received a base score of 9.3 with the vector (AV:N/AC:M/Au:N/C:C/I:C/A:C) (NVD).

The vulnerability could allow remote code execution if a user opens a specially crafted Office file. The impact spans across confidentiality, integrity, and availability, with potential complete compromise of the affected system (Microsoft Support).

Microsoft has released security updates to address this vulnerability. The fix is available through Microsoft Update, Microsoft Update Catalog, and Microsoft Download Center. For Office 2016, security update 4486755 is available for both 32-bit and 64-bit versions. This update replaces the previously released security update 4484508 (Microsoft Support).