Microsoft releases important OOB security updates for Microsoft Office

Microsoft has urgently released an "out-of-band" security update to fix remote code execution vulnerabilities that exist in the Autodesk FBX library (Autodesk FBX Software Development Kit), which is integrated. in Microsoft Office and Paint 3D applications.

Last month, Autodesk also released security updates to its Autodesk FBX Software Development Kit to address issues related to remote code execution as well as service denial vulnerabilities. by crashes in specially crafted FBX files. FBX is the Autodesk file format used to store 3D models, formats and animations.

To exploit these vulnerabilities, an attacker will create a malicious FBX file to take advantage of buffer overflow, type confusion, use-after-free, integer overflow, NULL pointer dereference and heap overflow, "then carry out DoS attacks or execute code remotely.

Microsoft Office uses Autodesk FBX library

In fact, Microsoft Office 2016, Microsoft 2019, Office 365 and Paint 3D applications all use Autodesk FBX library. This forced Microsoft to release new security updates to address the bugs that led to remote code execution mentioned above, as well as DoS vulnerabilities in its products to avoid unfortunate incidents that people User may encounter.

In a new security recommendation was released with the title 'ADV200004 | Availability of updates for Microsoft software utilizing the Autodesk FBX library ', Microsoft explained that opening malicious FBX files in Office applications could lead to remote code execution, specifically as follows:

'Remote code execution vulnerabilities exist in Microsoft products that use the FBX library when processing specially crafted 3D content. An attacker who successfully exploits these vulnerabilities could gain the same user rights as the local user. To exploit the vulnerability, an attacker must send a specially crafted file containing 3D content to disguise, then send it to the victim and persuade them to open the file.

Security updates address these vulnerabilities by fixing bugs that exist in Microsoft software's 3D content processing process.

How to install Microsoft Office security updates

To install security updates, users can open an Office application, click the File options menu , and then select Account .

The Account section opens, looking to the right, you will see a section titled " Office Updates " with a button labeled ' Update Options '. Click this button and select ' Update Now '.

Microsoft Office will automatically check and install any available updates.

After the updates are downloaded and installed, you will need to restart your Office applications.