CVE-2021-40479: 
vulnerability analysis and mitigation

Microsoft Excel Remote Code Execution Vulnerability (CVE-2021-40479) was disclosed on October 12, 2021. This vulnerability affects multiple versions of Microsoft Office products including Microsoft 365 Apps Enterprise, Office 2013 SP1, Office 2016, Office 2019, and Office LTSC 2021. This CVE is unique from related vulnerabilities CVE-2021-40471, CVE-2021-40473, CVE-2021-40474, and CVE-2021-40485 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Under CVSS v2.0, it received a base score of 6.8 (MEDIUM) with the vector (AV:N/AC:M/Au:N/C:P/I:P/A:P) (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code with the privileges of the targeted user. The vulnerability affects the confidentiality, integrity, and availability of the system, with all three aspects rated as High under CVSS v3.1 scoring (NVD).

Microsoft has released security updates to address this vulnerability. The fix is available through Microsoft Update and can be obtained through various methods including automatic updates, Microsoft Update Catalog, or standalone update packages for both 32-bit and 64-bit versions of Office 2016 (Microsoft Support).