
Microsoft has fixed a critical bug in Outlook. The company released the Office security updates for October 2020, correcting 13 vulnerabilities that could allow remote attackers to execute malicious code on vulnerable systems.
The most important vulnerability fixed by the new Microsoft Office security updates is CVE-2020-16947, a vulnerability that allows remote code execution when a malicious email is previewed or opened with a vulnerable version of Microsoft Outlook.
The vulnerability can also be exploited through websites hosting specially crafted files designed to exploit CVE-2020-16947.
Successful exploitation of the bug allows attackers to execute code in the context of the System user. In addition, attackers can take control of the target system if the logged-in user has administrator rights.
The CVE-2020-16947 vulnerability affects many Office products, such as Microsoft Outlook 2016, Microsoft Office 2019 and Microsoft 365 Apps for Enterprise.
Office vulnerabilities fixed with the October security updates
The October 2020 Office Patch Tuesday corrects vulnerabilities that allow remote code execution (RCE), security feature bypass, privilege escalation on vulnerable systems, denial of service attacks and information disclosure. Cross-site scripting vulnerabilities are also corrected on Windows systems running vulnerable Microsoft Installer (.msi) and Click-to-Run versions of Microsoft Office products.
Microsoft described the 11 RCE vulnerabilities it fixed in Office as "critical" or "serious", because exploiting them allows attackers to install malware, view, modify and delete data, and create their own fake administrator accounts on compromised Windows devices.
Tag | CVE ID | Title | Severity |
---|---|---|---|
Microsoft Office | CVE-2020-16933 | Microsoft Word Security Feature Bypass Vulnerability | Important |
Microsoft Office | CVE-2020-16929 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-16934 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2020-16932 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-16930 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-16955 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2020-16928 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2020-16957 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-16918 | Base3D Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-16949 | Microsoft Outlook Denial of Service Vulnerability | Moderate |
Microsoft Office | CVE-2020-16947 | Microsoft Outlook Remote Code Execution Vulnerability | Critical |
Microsoft Office | CVE-2020-16931 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-16954 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-17003 | Base3D Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2020-16948 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-16953 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-16942 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-16951 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2020-16944 | Microsoft SharePoint Reflective XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-16945 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-16946 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-16941 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-16950 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-16952 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
October 2020: Microsoft Office Security Updates
According to Bleepingcomputer, this month's Microsoft Office security updates are delivered via the Microsoft Update platform and through the Download Center.
More information is available in the following tables (as found on Bleepingcomputer):
Microsoft Office 2016
Product | Knowledge Base article |
---|---|
Excel 2016 | Security update for Excel 2016 (KB4486678) |
Office 2016 | Security update for Office 2016 (KB4486682) |
Office 2016 | Security update for Office 2016 (KB4484417) |
Outlook 2016 | Security update for Outlook 2016 (KB4486671) |
Word 2016 | Security update for Word 2016 (KB4486679) |
Microsoft Office 2013
Product | Knowledge Base article |
---|---|
Excel 2013 | Security update for Excel 2013 (KB4486695) |
Office 2013 | Security update for Office 2013 (KB4486688) |
Office 2013 | Security update for Office 2013 (KB4484435) |
Outlook 2013 | Security update for Outlook 2013 (KB4484524) |
Word 2013 | Security update for Word 2013 (KB4486692) |
Microsoft Office 2010
Product | Knowledge Base article |
---|---|
Excel 2010 | Security update for Excel 2010 (KB4486707) |
Office 2010 | Security update for Office 2010 (KB4486700) |
Office 2010 | Security update for Office 2010 (KB4486701) |
Outlook 2010 | Security update for Outlook 2010 (KB4486663) |
Word 2010 | Security update for Word 2010 (KB4486703) |
Microsoft SharePoint Server 2019
Product | Knowledge Base article |
---|---|
Office Online Server | Security update for Office Online Server (KB4486674) |
SharePoint Server 2019 | Security update for SharePoint Server 2019 (KB4486676) |
Microsoft SharePoint Server 2016
Product | Knowledge Base article |
---|---|
SharePoint Enterprise Server 2016 | Security update for SharePoint Enterprise Server 2016 (KB4486677) |
Microsoft SharePoint Server 2013
Product | Knowledge Base article |
---|---|
Office Web Apps Server 2013 | Security update for Office Web Apps Server 2013 (KB4486689) |
Project Server 2013 | Cumulative update for Project Server 2013 (KB4486691) |
SharePoint Enterprise Server 2013 | Security update for SharePoint Enterprise Server 2013 (KB4486687) |
SharePoint Enterprise Server 2013 | Cumulative update for SharePoint Enterprise Server 2013 (KB4486693) |
SharePoint Foundation 2013 | Security update for SharePoint Foundation 2013 (KB4486694) |
SharePoint Foundation 2013 | Cumulative update for SharePoint Foundation 2013 (KB4486690) |
Microsoft SharePoint Server 2010
Product | Knowledge Base article |
---|---|
Project Server 2010 | Cumulative update for Project Server 2010 (KB4486702) |
SharePoint Foundation 2010 | Security update for SharePoint Foundation 2010 (KB4486708) |
SharePoint Server 2010 | Security update for SharePoint Server 2010 (KB4484531) |
SharePoint Server 2010 | Cumulative update for SharePoint Server 2010 (KB4486705) |
SharePoint Server 2010 Excel Web App | Security update for SharePoint Server 2010 Excel Web App (KB4462175) |
Microsoft Patch Tuesday October 2020
On Tuesday, Microsoft released the October 2020 Patch Tuesday, which covers vulnerabilities across all its products. The company corrected a total of 87 vulnerabilities, 12 of them characterized as critical, 74 as serious and one as moderate.
Windows 10 non-security updates (KB4579311 & KB4577671) have also been released.