KLA11687
Multiple vulnerabilities in Microsoft Office
Updated: 05/22/2020
Detect date: 03/10/2020
Severity: Critical
Description

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof the user interface, or obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Microsoft Word can be exploited remotely via a specially crafted file to execute arbitrary code.
  2. A reflective cross-site scripting (XSS) vulnerability in Microsoft SharePoint can be exploited remotely via a specially crafted request to spoof the user interface.
  3. A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof the user interface.
Affected products

Microsoft Office 2019 for 32-bit editions
Microsoft Office 2016 for Mac
Office 365 ProPlus for 32-bit Systems
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Business Productivity Servers 2010 Service Pack 2
Microsoft SharePoint Server 2019
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft SharePoint Enterprise Server 2016
Microsoft Office Online Server
Office 365 ProPlus for 64-bit Systems
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Word 2016 (64-bit edition)
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Office 2019 for 64-bit editions
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft Office 2019 for Mac
Microsoft Word 2013 RT Service Pack 1

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2020-0855
CVE-2020-0795
CVE-2020-0850
CVE-2020-0851
CVE-2020-0852
CVE-2020-0891
CVE-2020-0892
CVE-2020-0893
CVE-2020-0894

Impacts

ACE
OSI
SUI

Related products
Microsoft Office
Microsoft Word
CVE-IDS

CVE-2020-0855  0.0  Unknown
CVE-2020-0795  0.0  Unknown
CVE-2020-0850  0.0  Unknown
CVE-2020-0851  0.0  Unknown
CVE-2020-0852  0.0  Unknown
CVE-2020-0891  0.0  Unknown
CVE-2020-0892  0.0  Unknown
CVE-2020-0893  0.0  Unknown
CVE-2020-0894  0.0  Unknown

KB list

4484237
4484272
4484277
4484197
4484242
4484275
4484231
4484282
4484124
4475606
4484271
4484270
4475602
4475597
4484150
4484240
4484268

Microsoft official advisories
Microsoft Security Update Guide