RCE Vulnerabilities in Microsoft Office Products: Beware Students & Teachers

This month, Microsoft has released updates to address 129 vulnerabilities, 23 of which are critical. Tenable’s monthly Patch Wednesday roundup examines several of the vulnerabilities, including a crop of RCEs in Microsoft Office products which are particularly concerning as students and teachers begin e-learning. Satnam Narang, Staff Research Engineer at Tenable also comments on some of the severe vulnerabilities.

“For the fourth month in a row, Microsoft has patched over 120 CVEs, addressing 129 CVEs in September including 23 critical-rated vulnerabilities. Some of the most severe vulnerabilities in this month’s release include a pair of remote code execution flaws in Microsoft SharePoint and a critical vulnerability in Microsoft Exchange Server. CVE-2020-1210 is a vulnerability in SharePoint due to a failure to check an application package’s source markup. To exploit this flaw, an attacker would need to be able to upload a SharePoint application package to a vulnerable SharePoint site. This vulnerability is reminiscent of a similar SharePoint remote code execution flaw, CVE-2019-0604, that has been exploited in the wild by threat actors since at least April 2019.

CVE-2020-1576 is another SharePoint flaw patched this month that’s also similar to CVE-2020-1210.CVE-2020-16875 is a memory corruption vulnerability in Microsoft Exchange Server due to improper handling of objects in memory. Exploitation of this flaw would simply require an attacker to send a malicious email containing the exploit code to a vulnerable Exchange server. This vulnerability would allow the attacker to run arbitrary code, which could grant them access to create new accounts, access, modify or remove data, and install programs.” – Satnam Narang, Staff Research Engineer at Tenable.