Microsoft releases important OOB security updates for Microsoft Office
Microsoft has urgently released an "out-of-band" security update to fix remote code execution vulnerabilities that exist in the Autodesk FBX library (Autodesk FBX Software Development Kit), which is integrated. in Microsoft Office and Paint 3D applications.
Last month, Autodesk also released security updates to its Autodesk FBX Software Development Kit to address issues related to remote code execution as well as service denial vulnerabilities. by crashes in specially crafted FBX files. FBX is the Autodesk file format used to store 3D models, formats and animations.
To exploit these vulnerabilities, an attacker will create a malicious FBX file to take advantage of buffer overflow, type confusion, use-after-free, integer overflow, NULL pointer dereference and heap overflow, "then carry out DoS attacks or execute code remotely.
Microsoft Office uses Autodesk FBX library
In fact, Microsoft Office 2016, Microsoft 2019, Office 365 and Paint 3D applications all use Autodesk FBX library. This forced Microsoft to release new security updates to address the bugs that led to remote code execution mentioned above, as well as DoS vulnerabilities in its products to avoid unfortunate incidents that people User may encounter.
In a new security recommendation was released with the title 'ADV200004 | Availability of updates for Microsoft software utilizing the Autodesk FBX library ', Microsoft explained that opening malicious FBX files in Office applications could lead to remote code execution, specifically as follows:
'Remote code execution vulnerabilities exist in Microsoft products that use the FBX library when processing specially crafted 3D content. An attacker who successfully exploits these vulnerabilities could gain the same user rights as the local user. To exploit the vulnerability, an attacker must send a specially crafted file containing 3D content to disguise, then send it to the victim and persuade them to open the file.
Security updates address these vulnerabilities by fixing bugs that exist in Microsoft software's 3D content processing process.
How to install Microsoft Office security updates
To install security updates, users can open an Office application, click the File options menu , and then select Account .
The Account section opens, looking to the right, you will see a section titled " Office Updates " with a button labeled ' Update Options '. Click this button and select ' Update Now '.
Office Updates sectionMicrosoft Office will automatically check and install any available updates.
Automatically check for available updatesAfter the updates are downloaded and installed, you will need to restart your Office applications.
You should read it
- A critical flaw in Internet Explorer forced Microsoft to release patches for Windows 7
- Google releases an urgent update for Chrome, users should update immediately
- Microsoft fixes 28 Windows and Office security bugs
- Update Firefox now to fix a serious security hole
- Microsoft Remote Desktop for iOS has a major update with many worthwhile changes
- How to Update Microsoft Word on Windows and Mac
- Microsoft has released a critical update for Windows 10, users need to update now
- If you are using Firefox, update it immediately to fix security
- Lenovo updates BIOS to patch security holes for hundreds of device models
- Microsoft released Service Pack 1 update for Office 2013
- Apple releases iOS 15.3.1 to completely fix Safari security flaw
- What's special about Windows 10 April Update update?
Maybe you are interested
Microsoft Lists Why TPM, Secure Boot Are Mandatory on Windows 11
9 Tips and Tricks to Get the Most Out of Microsoft Clipchamp
Looking Back at Microsoft Edge in 2024: The Impressive Numbers
A look at Windows 10 and 11 features Microsoft has removed or stopped supporting in 2024
What is Microsoft Azure Certification?
Cybercriminals are using Microsoft Teams calls to commit fraud