KLA11687
Multiple vulnerabilities in Microsoft Office

Updated: 03/06/2020
Detection date
10/03/2020
Threat level
Critical
Description

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof the user interface, or obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Microsoft Word can be exploited remotely via a specially crafted file to execute arbitrary code.
  2. A reflective cross-site scripting (XSS) vulnerability in Microsoft SharePoint can be exploited remotely via a specially crafted request to spoof the user interface.
  3. A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof the user interface.
Affected products

Microsoft Office 2019 for 32-bit editions
Microsoft Office 2016 for Mac
Office 365 ProPlus for 32-bit Systems
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Business Productivity Servers 2010 Service Pack 2
Microsoft SharePoint Server 2019
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft SharePoint Enterprise Server 2016
Microsoft Office Online Server
Office 365 ProPlus for 64-bit Systems
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Word 2016 (64-bit edition)
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Office 2019 for 64-bit editions
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft Office 2019 for Mac
Microsoft Word 2013 RT Service Pack 1

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Primary detection source
CVE-2020-0855
CVE-2020-0795
CVE-2020-0850
CVE-2020-0851
CVE-2020-0852
CVE-2020-0891
CVE-2020-0892
CVE-2020-0893
CVE-2020-0894
Impact
ACE
OSI
SUI
Related products
Microsoft Office
Microsoft Word
CVE-IDS
CVE-2020-0855   9.3   Critical
CVE-2020-0795   3.5   Warning
CVE-2020-0850   6.8   High
CVE-2020-0851   9.3   Critical
CVE-2020-0852   9.3   Critical
CVE-2020-0891   3.5   Warning
CVE-2020-0892   9.3   Critical
CVE-2020-0893   3.5   Warning
CVE-2020-0894   3.5   Warning
KB list

4484237
4484272
4484277
4484197
4484242
4484275
4484231
4484282
4484124
4475606
4484271
4484270
4475602
4475597
4484150
4484240
4484268