12 February 20, 14:20
(This post was last modified: 12 February 20, 14:21 by silversurfer.)
Quote: Microsoft released the February 2020 Office security updates on February 11, 2020, with a total of 10 security updates and three cumulative updates for six different products, with three of them patching flaws allowing for remote code execution.
Out of the ten security updates released by Microsoft, three of them patch remote code execution (RCE) bugs detailed in the CVE-2020-0759 security advisory and impacting Excel 2016, Excel 2013, and Excel 2010.
The RCE bugs received a severity rating of 'Important' from Microsoft given that they could allow potential attackers to execute arbitrary code and/or commands after successfully exploiting vulnerable Windows devices, as well as take control of devices where the current user is logged on with administrative user rights. Attackers could then install programs, view, change, and delete data, or create new accounts with full user rights on the now compromised computers.
Three security feature bypass vulnerabilities were also patched in Outlook 2010, Outlook 2013, and Outlook 2016 (CVE-2020-0696) that would allow for arbitrary code execution when attackers use it in conjunction with another security flaw such as an RCE bug.
A spoofing vulnerability in Office Online Server (CVE-2020-0695) and three cross-site-scripting (XSS) flaws in SharePoint Server 2019, SharePoint Enterprise Server 2016, and SharePoint Foundation 2013 (CVE-2020-0693 and CVE-2020-0694) were also fixed with this series of Microsoft Office security updates.
Read more: https://www.bleepingcomputer.com/news/se...ity-fixes/