Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Microsoft releases important OOB security updates for Microsoft Office
Microsoft has urgently released an "out-of-band" security update to fix remote code execution vulnerabilities that exist in the Autodesk FBX library (Autodesk FBX Software Development Kit), which is integrated. in Microsoft Office and Paint 3D applications.
Last month, Autodesk also released security updates to its Autodesk FBX Software Development Kit to address issues related to remote code execution as well as service denial vulnerabilities. by crashes in specially crafted FBX files. FBX is the Autodesk file format used to store 3D models, formats and animations.
To exploit these vulnerabilities, an attacker will create a malicious FBX file to take advantage of buffer overflow, type confusion, use-after-free, integer overflow, NULL pointer dereference and heap overflow, "then carry out DoS attacks or execute code remotely.
Microsoft Office uses Autodesk FBX library
In fact, Microsoft Office 2016, Microsoft 2019, Office 365 and Paint 3D applications all use Autodesk FBX library. This forced Microsoft to release new security updates to address the bugs that led to remote code execution mentioned above, as well as DoS vulnerabilities in its products to avoid unfortunate incidents that people User may encounter.
In a new security recommendation was released with the title 'ADV200004 | Availability of updates for Microsoft software utilizing the Autodesk FBX library ', Microsoft explained that opening malicious FBX files in Office applications could lead to remote code execution, specifically as follows:
'Remote code execution vulnerabilities exist in Microsoft products that use the FBX library when processing specially crafted 3D content. An attacker who successfully exploits these vulnerabilities could gain the same user rights as the local user. To exploit the vulnerability, an attacker must send a specially crafted file containing 3D content to disguise, then send it to the victim and persuade them to open the file.
Security updates address these vulnerabilities by fixing bugs that exist in Microsoft software's 3D content processing process.
How to install Microsoft Office security updates
To install security updates, users can open an Office application, click the File options menu , and then select Account .
The Account section opens, looking to the right, you will see a section titled " Office Updates " with a button labeled ' Update Options '. Click this button and select ' Update Now '.
Office Updates section Microsoft Office will automatically check and install any available updates.
Automatically check for available updates After the updates are downloaded and installed, you will need to restart your Office applications.
Marvin FryYou should read it
- Microsoft fixes 28 Windows and Office security bugs
- Update Firefox now to fix a serious security hole
- Microsoft Remote Desktop for iOS has a major update with many worthwhile changes
- How to Update Microsoft Word on Windows and Mac
- Microsoft has released a critical update for Windows 10, users need to update now
- If you are using Firefox, update it immediately to fix security
- Lenovo updates BIOS to patch security holes for hundreds of device models
- Microsoft released Service Pack 1 update for Office 2013
May be interested
- What types of data are for sale on the dark web?
what are the most popular types of data for sale on the dark web? - Warning: The number of malicious emails is increasing rapidly on Gmail and recommendations from Googlegoogle said it successfully blocked millions of covid-19-related emails on gmail every day, continuously for more than a week, and issued warnings and recommendations to use to protect themselves against love. escalating network attack pattern.
- Warning: Cybercriminals are targeting Zoom, Google Classroom and Teamspopular online video conferencing applications like zoom, teams and google classroom are increasingly being fake by malicious agents to create fake domain names.
- Intel released the 10th generation H series CPUs for laptops, promising outstanding performanceintel has officially announced its 10th-generation mobile core processor 'comet lake h-series' for laptops, with the goal of pushing the maximum clock speed on laptops beyond the 5ghz mark without pressing design. pulse or any additional intervention.
- The world's largest hacker forum has just been hacked, many members like 'sitting on a fire'ogusers became the victim of a hack, despite the forum being run by the world's top hackers.
- Will 5G make us more vulnerable to cyber attacks?the new generation of 5g mobile networks is beginning to be deployed increasingly popular in countries around the world.
Attack the network
Adobe releases a series of important periodic security updates- Microsoft Office iOS app has an important update, supports downloading PDF files for offline use
- Detects 'long-standing' security vulnerabilities in Microsoft Office
- Microsoft confirms end of Office Apps support on Windows 10 Mobile
- Microsoft released Service Pack 1 update for Office 2013
Adobe releases a series of important periodic security updates
Microsoft Office iOS app has an important update, supports downloading PDF files for offline use
Detects 'long-standing' security vulnerabilities in Microsoft Office
Microsoft confirms end of Office Apps support on Windows 10 Mobile
Microsoft released Service Pack 1 update for Office 2013