Quote: Microsoft released the March 2020 Office security updates on March 10, 2020, with a total of 13 security updates and 5 cumulative updates for 6 different products, with 12 of them patching bugs allowing attackers to execute arbitrary code remotely after exploitation.
Out of the 13 Office security updates released by Microsoft today, 12 of them patch RCE vulnerabilities (details in CVE-2020-0850, CVE-2020-0852, and CVE-2020-0892) within Word 2010, SharePoint Server 2010, SharePoint Foundation 2010, SharePoint Server 2010 Office Web Apps, Word 2013, SharePoint Enterprise Server 2013, SharePoint Foundation 2013, Word 2016, SharePoint Enterprise Server 2016, SharePoint Server 2019 Language Pack, and Office Online Server.
The RCE bugs are rated by Microsoft with a severity rating of 'Important', seeing that they could enable potential attackers to execute arbitrary code and/or commands after successfully exploiting Windows devices running unpatched Office products, as well as take control of devices where the currently logged-on user has administrative user rights.
Attackers could then install programs, view, change, and delete data, as well as create new accounts with full user rights on the compromised computers.
Two cross-site-scripting (XSS) vulnerabilities were also patched in SharePoint Enterprise Server 2013 and SharePoint Server 2019 (details in CVE-2020-0795, CVE-2020-0891, CVE-2020-0893, and CVE-2020-0894) that would allow attackers to run scripts in the security context of the current user and impersonate the user, steal sensitive data, or read content without authorization.
This month's Microsoft Office security updates are delivered through the Microsoft Update platform and via the Download Center.
Read more: https://www.bleepingcomputer.com/news/se...or-office/