Kaspersky Threats

Detect date

?

03/10/2020

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information.

Below is a complete list of vulnerabilities:

A remote code execution vulnerability in Microsoft Word can be exploited remotely via specially crafted file to execute arbitrary code.
A cross-site-scripting (XSS) vulnerability Microsoft SharePoint Reflective can be exploited remotely via specially crafted request to spoof user interface.
A cross-site-scripting (XSS) vulnerability Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface.

Affected products

Microsoft Office 2019 for 32-bit editions
Microsoft Office 2016 for Mac
Office 365 ProPlus for 32-bit Systems
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Business Productivity Servers 2010 Service Pack 2
Microsoft SharePoint Server 2019
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft SharePoint Enterprise Server 2016
Microsoft Office Online Server
Office 365 ProPlus for 64-bit Systems
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Word 2016 (64-bit edition)
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Office 2019 for 64-bit editions
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft Office 2019 for Mac
Microsoft Word 2013 RT Service Pack 1

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2020-0855
CVE-2020-0795
CVE-2020-0850
CVE-2020-0851
CVE-2020-0852
CVE-2020-0891
CVE-2020-0892
CVE-2020-0893
CVE-2020-0894

Impacts

?

ACE

[?]

OSI

[?]

SUI

[?]

Detect date ?	03/10/2020
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: A remote code execution vulnerability in Microsoft Word can be exploited remotely via specially crafted file to execute arbitrary code. A cross-site-scripting (XSS) vulnerability Microsoft SharePoint Reflective can be exploited remotely via specially crafted request to spoof user interface. A cross-site-scripting (XSS) vulnerability Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface.
Affected products	Microsoft Office 2019 for 32-bit editions Microsoft Office 2016 for Mac Office 365 ProPlus for 32-bit Systems Microsoft SharePoint Server 2010 Service Pack 2 Microsoft Business Productivity Servers 2010 Service Pack 2 Microsoft SharePoint Server 2019 Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Word 2010 Service Pack 2 (64-bit editions) Microsoft SharePoint Enterprise Server 2016 Microsoft Office Online Server Office 365 ProPlus for 64-bit Systems Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Word 2016 (32-bit edition) Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2010 Service Pack 2 (32-bit editions) Microsoft Office Web Apps 2010 Service Pack 2 Microsoft Word 2016 (64-bit edition) Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft Office 2019 for 64-bit editions Microsoft SharePoint Foundation 2010 Service Pack 2 Microsoft Office 2019 for Mac Microsoft Word 2013 RT Service Pack 1
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2020-0855 CVE-2020-0795 CVE-2020-0850 CVE-2020-0851 CVE-2020-0852 CVE-2020-0891 CVE-2020-0892 CVE-2020-0893 CVE-2020-0894
Impacts ?	ACE [?] OSI [?] SUI [?]
Related products	Microsoft Office Microsoft Word
CVE-IDS ?	CVE-2020-08559.3Critical CVE-2020-07953.5Warning CVE-2020-08506.8High CVE-2020-08519.3Critical CVE-2020-08529.3Critical CVE-2020-08913.5Warning CVE-2020-08929.3Critical CVE-2020-08933.5Warning CVE-2020-08943.5Warning
KB list	4484237 4484272 4484277 4484197 4484242 4484275 4484231 4484282 4484124 4475606 4484271 4484270 4475602 4475597 4484150 4484240 4484268
Microsoft official advisories	Microsoft Security Update Guide
	Find out the statistics of the vulnerabilities spreading in your region

KLA11687Multiple vulnerabilities in Microsoft Office

KLA11687
Multiple vulnerabilities in Microsoft Office