Tuesday, January 19, 15:44
Home security Microsoft fixes vulnerabilities in Outlook and other Office errors

Microsoft fixes vulnerabilities in Outlook and other Office errors

Microsoft Office Outlook

Η Microsoft corrected critical error of Outlook. The company released them updates security of Office for October 2020, correcting 13 vulnerabilities that could allow remote intruders to execute malicious code on vulnerable systems.

The most important vulnerability that is fixed with the new Microsoft Office security updates is CVE-2020-16947, a vulnerability that allows remote code execution when previewing or opening malware emails with a vulnerable version of Microsoft Outlook.

Vulnerability can also be exploited through specially hosted sites archives, designed to operate CVE-2020-16947.

Successful exploitation of the error allows attackers to execute code within the System user. In addition, the hackers can take control of the target system if the user, connected, has administrator rights.

The CVE-2020-16947 vulnerability affects many Office products, such as Microsoft Outlook 2016The Microsoft Office 2019 and Microsoft 365 Apps for Enterprise.

Office vulnerabilities fixed with the October security updates

The Patch Tuesday Office for October 2020 corrects vulnerabilities that allow remote code execution (RCE), bypass solutions security, gaining more privileges in vulnerable systems, carrying out denial of service attacks and disclosing information. They are also corrected cross-site scripting vulnerabilities on Windows systems running vulnerable Microsoft Installer (.msi) and Click-to-Run versions of Microsoft Office products.

Microsoft described the 11 RCE vulnerabilities it fixed in Office as "critical" or "serious" as exploiting intruders to install, view, modify and delete malware. data, as well as create their own fake administrator accounts on compromised Windows devices.

TagCVE IDTitleSeverity
Micrsoft OfficeCVE-2020-16933Microsoft Word Security Feature Bypass VulnerabilityImportant
Micrsoft OfficeCVE-2020-16929Microsoft Excel Remote Code Execution VulnerabilityImportant
Micrsoft OfficeCVE-2020-16934Microsoft Office Click-to-Run Elevation of Privilege VulnerabilityImportant
Micrsoft OfficeCVE-2020-16932Microsoft Excel Remote Code Execution VulnerabilityImportant
Micrsoft OfficeCVE-2020-16930Microsoft Excel Remote Code Execution VulnerabilityImportant
Micrsoft OfficeCVE-2020-16955Microsoft Office Click-to-Run Elevation of Privilege VulnerabilityImportant
Micrsoft OfficeCVE-2020-16928Microsoft Office Click-to-Run Elevation of Privilege VulnerabilityImportant
Micrsoft OfficeCVE-2020-16957Microsoft Office Access Connectivity Engine Remote Code Execution VulnerabilityImportant
Micrsoft OfficeCVE-2020-16918Base3D Remote Code Execution VulnerabilityImportant
Micrsoft OfficeCVE-2020-16949Microsoft Outlook Denial of Service VulnerabilityModerate
Micrsoft OfficeCVE-2020-16947Microsoft Outlook Remote Code Execution VulnerabilityCritical
Micrsoft OfficeCVE-2020-16931Microsoft Excel Remote Code Execution VulnerabilityImportant
Micrsoft OfficeCVE-2020-16954Microsoft Office Remote Code Execution VulnerabilityImportant
Micrsoft OfficeCVE-2020-17003Base3D Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2020-16948Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16953Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16942Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16951Microsoft SharePoint Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2020-16944Microsoft SharePoint Reflective XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16945Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16946Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16941Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16950Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16952Microsoft SharePoint Remote Code Execution VulnerabilityCritical

October 2020: Microsoft Office Security Updates

According to Bleepingcomputer, this month's Microsoft Office security updates are delivered via the platform Microsoft Update and through it Download Center.

More information is available in the following tables (as found on Bleepingcomputer):

Microsoft Office 2016

ProductKnowledge Base article
Excel 2016Security update for Excel 2016 (KB4486678)
Office 2016Security update for Office 2016 (KB4486682)
Office 2016Security update for Office 2016 (KB4484417)
Outlook 2016Security update for Outlook 2016 (KB4486671)
Word 2016Security update for Word 2016 (KB4486679)

Microsoft Office 2013

ProductKnowledge Base article
Excel 2013Security update for Excel 2013 (KB4486695)
Office 2013Security update for Office 2013 (KB4486688)
Office 2013Security update for Office 2013 (KB4484435)
Outlook 2013Security update for Outlook 2013 (KB4484524)
Word 2013Security update for Word 2013 (KB4486692)

Microsoft Office 2010

ProductKnowledge Base article
Excel 2010Security update for Excel 2010 (KB4486707)
Office 2010Security update for Office 2010 (KB4486700)
Office 2010Security update for Office 2010 (KB4486701)
Outlook 2010Security update for Outlook 2010 (KB4486663)
Word 2010Security update for Word 2010 (KB4486703)

Microsoft SharePoint Server 2019

ProductKnowledge Base article
Office Online ServerSecurity update for Office Online Server (KB4486674)
SharePoint Server 2019Security update for SharePoint Server 2019 (KB4486676)

Microsoft SharePoint Server 2016

ProductKnowledge Base article
SharePoint Enterprise Server 2016Security update for SharePoint Enterprise Server 2016 (KB4486677)

Microsoft SharePoint Server 2013

ProductKnowledge Base article
Office Web Apps Server 2013Security update for Office Web Apps Server 2013 (KB4486689)
Project Server 2013Cumulative update for Project Server 2013 (KB4486691)
SharePoint Enterprise Server 2013Security update for SharePoint Enterprise Server 2013 (KB4486687)
SharePoint Enterprise Server 2013Cumulative update for SharePoint Enterprise Server 2013 (KB4486693)
SharePoint Foundation 2013Security update for SharePoint Foundation 2013 (KB4486694)
SharePoint Foundation 2013Cumulative update for SharePoint Foundation 2013 (KB4486690)

Microsoft SharePoint Server 2010

ProductKnowledge Base article
Project Server 2010Cumulative update for Project Server 2010 (KB4486702)
SharePoint Foundation 2010Security update for SharePoint Foundation 2010 (KB4486708)
SharePoint Server 2010Security update for SharePoint Server 2010 (KB4484531)
SharePoint Server 2010Cumulative update for SharePoint Server 2010 (KB4486705)
SharePoint Server 2010 Excel Web AppSecurity update for SharePoint Server 2010 Excel Web App (KB4462175)

Microsoft Patch Tuesday October 2020

On Tuesday, Microsoft released Patch Tuesday of October 2020, which includes all vulnerabilities in all its products. The company corrected a total of 87 vulnerabilities, with 12 of them being characterized as critical, 74 serious and one moderate.

Windows 10 non-security updates (KB4579311 & KB4577671) have also been released.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!

LIVE NEWS

VLC for macOS has been updated with full support for M1 Macs

VLC is one of the most popular media players and the macOS version is currently receiving a major update with full ...

Google Maps adds precise details to 4 city roadmaps

The Google Maps app received an update in August last year, which added more color to the physical maps to ...

Smartwatches may detect COVID-19 symptoms

Smartwatches and fitness wearables can play a valuable role in the early detection of COVID-19, according to some recent studies. Researchers from ...

The incidence of sextortion increased significantly during the pandemic period

With the outbreak of the COVID-19 pandemic, countries around the world have entered a lockdown regime, in an effort to ...

SpaceX launches the first Starlink satellite for 1

SpaceX will launch 60 satellites from the Kennedy Space Center in Florida on Wednesday. This will be the first launch of ...
00:02:07

Virgin Orbit: Sends nine satellites into space

Virgin Orbit, a California-based start-up, has launched its first rocket into orbit around the earth. One...
00:03:19

Samsung: Everything you need to know about the Galaxy S21, S21 Plus and S21 Ultra

The new flagships of Samsung, presented at a large Unpacked virtual event on January 14, are the ideal proposal of the series ...

FBI: Hackers target vishing attacks companies around the world!

The FBI warns of hackers carrying out ongoing vishing attacks, targeting companies around the world. Specifically, hackers seek to steal ...

The IObit Forum has been compromised to spread ransomware to its members

The Windows IObit utility developer hacked over the weekend to launch an extensive attack aimed at distributing ...

Stolen COVID-19 vaccine data was manipulated by hackers

A few weeks ago, hackers managed to steal information about vaccines for COVID-19, from the medical organization of the European Union ...