CVE-2021-27055

7.0 HIGH

📋 TL;DR

CVE-2021-27055 is a security feature bypass vulnerability in Microsoft Visio that allows attackers to circumvent security controls when opening specially crafted files. This affects users who open untrusted Visio files, potentially leading to unauthorized actions. The vulnerability requires user interaction through opening a malicious file.

💻 Affected Systems

Products:
  • Microsoft Visio
Versions: Microsoft Visio 2016, 2019, and Microsoft 365 Apps for Enterprise
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Visio installations; requires the user to open a malicious .vsdx file.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could bypass security features to execute arbitrary code with the privileges of the current user, potentially leading to full system compromise if combined with other vulnerabilities.

🟠 Likely Case

Attackers bypass security warnings to trick users into opening malicious files, leading to limited system access or data theft.

🟢 If Mitigated

With proper controls, the impact is limited to the user's session and isolated through application sandboxing.

🌐 Internet-Facing: LOW - Requires user interaction with malicious files, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing with malicious Visio attachments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires social engineering to deliver malicious file; user must open the file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Security updates released in March 2021

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27055

Restart Required: Yes

Instructions:

1. Open Microsoft Visio.
2. Go to File > Account > Update Options > Update Now.
3. Install available updates.
4. Restart Visio when prompted.

🔧 Temporary Workarounds

Block .vsdx files via email filtering

Platform: all

Configure email gateways to block or quarantine .vsdx attachments from untrusted sources.

Disable Visio file preview

Platform: windows

Disable preview of Visio files in Windows Explorer so that untrusted files are not parsed automatically by the preview handler. The command below writes to HKCU, so it applies only to the current user's profile and must be run for each user account that needs the workaround.

reg add "HKCU\Software\Classes\.vsdx" /v "PerceivedType" /t REG_SZ /d "" /f

🧯 If You Can't Patch

  • Restrict Visio usage to trusted users only and implement application whitelisting.
  • Educate users about the risks of opening untrusted Visio files and implement strict file validation procedures.

🔍 How to Verify

Check if Vulnerable:

Check Visio version via File > Account > About Visio. If version is prior to March 2021 updates, it's vulnerable.

Check Version:

In Visio: File > Account > About Visio

Verify Fix Applied:

Verify that Visio is running a build that includes the March 2021 security updates or later.

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing Visio crashes or suspicious file opens
  • Antivirus alerts for malicious .vsdx files

Network Indicators:

  • Unusual outbound connections after opening Visio files
  • File downloads of .vsdx from untrusted sources

SIEM Query:

source="Windows Security" EventID=4688 ProcessName="VISIO.EXE" | stats count by host
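The SIEM query above counts Visio process launches per host. As an added example that is not part of this page, the same logic is shown here in Python over constructed, simplified 4688-style log lines, plus an added heuristic that flags Visio started by a mail client, which matches the phishing delivery path this page describes; the key=value line layout and the field names (Host, NewProcessName, ParentProcessName) are assumptions, not a real Windows log format.

```python
import ntpath
import re
from collections import Counter

# Constructed sample records standing in for Windows Security Event ID 4688
# (process creation). The key=value layout is an assumption for this example.
SAMPLE_EVENTS = r"""
EventID=4688 Host=WS01 NewProcessName=C:\Program Files\Microsoft Office\root\Office16\VISIO.EXE ParentProcessName=C:\Windows\explorer.exe
EventID=4688 Host=WS01 NewProcessName=C:\Program Files\Microsoft Office\root\Office16\VISIO.EXE ParentProcessName=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
EventID=4688 Host=WS02 NewProcessName=C:\Windows\System32\notepad.exe ParentProcessName=C:\Windows\explorer.exe
EventID=4688 Host=WS02 NewProcessName=C:\Program Files\Microsoft Office\root\Office16\VISIO.EXE ParentProcessName=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
EventID=4624 Host=WS03 LogonType=2
""".strip().splitlines()

# Values such as Windows paths contain spaces, so split on "Key=" boundaries
# rather than on whitespace.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")

# Mail clients whose child Visio process most likely came from an attachment
# (assumption used by the added heuristic).
MAIL_CLIENTS = {"OUTLOOK.EXE"}


def parse_event(line):
    """Turn one key=value log line into a dict of field -> value."""
    return {key: value for key, value in FIELD_RE.findall(line)}


def is_visio_launch(event):
    """True for a 4688 event whose new process image is VISIO.EXE."""
    image = ntpath.basename(event.get("NewProcessName", "")).upper()
    return event.get("EventID") == "4688" and image == "VISIO.EXE"


def visio_launches_by_host(lines):
    """Equivalent of the page's SIEM query: count VISIO.EXE launches per host."""
    counts = Counter()
    for line in lines:
        event = parse_event(line)
        if is_visio_launch(event):
            counts[event.get("Host", "unknown")] += 1
    return dict(counts)


def visio_spawned_by_mail_client(lines):
    """Added heuristic: Visio launched by a mail client, i.e. a likely opened attachment."""
    hits = []
    for line in lines:
        event = parse_event(line)
        parent = ntpath.basename(event.get("ParentProcessName", "")).upper()
        if is_visio_launch(event) and parent in MAIL_CLIENTS:
            hits.append((event.get("Host", "unknown"), parent))
    return hits
```

Launch counts alone are noisy on hosts where Visio is used daily; the parent-process hit list is the narrower lead to triage first.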
