Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2020.0039 Microsoft Patch Day (February 2020) updates for Office products 13 February 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 Microsoft Office 2019 SharePoint Enterprise Server 2016 SharePoint Enterprise Server 2013 SP1 SharePoint Server 2019 Office 365 ProPlus Office Online Server Operating System: Windows Mac OS Impact/Access: Administrator Compromise -- Existing Account Execute Arbitrary Code/Commands -- Remote with User Interaction Cross-site Scripting -- Existing Account Provide Misleading Information -- Remote/Unauthenticated Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2020-0759 CVE-2020-0697 CVE-2020-0696 CVE-2020-0695 CVE-2020-0694 CVE-2020-0693 Member content until: Saturday, March 14 2020 OVERVIEW Microsoft has released its monthly security patch update for the month of February 2020. This update resolves 6 vulnerabilities across the following products: [1] Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Office 2016 for Mac Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft Outlook 2010 Service Pack 2 (32-bit editions) Microsoft Outlook 2010 Service Pack 2 (64-bit editions) Microsoft Outlook 2013 RT Service Pack 1 Microsoft Outlook 2013 Service Pack 1 (32-bit editions) Microsoft Outlook 2013 Service Pack 1 (64-bit editions) Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2013 Service Pack 1 Microsoft SharePoint Server 2019 Office 365 ProPlus for 32-bit Systems Office 365 ProPlus for 64-bit Systems Office Online Server IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2020-0693 Spoofing Important CVE-2020-0694 Spoofing Important CVE-2020-0695 Spoofing Important CVE-2020-0696 Security Feature Bypass Important CVE-2020-0697 Tampering Important CVE-2020-0759 Remote Code Execution Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1] KB4484163, KB4484265, KB4484264, KB4484267, KB4484255 KB4484254, KB4484259, KB4484156, KB4484250, KB4484256 REFERENCES [1] Microsoft Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXkSyYGaOgq3Tt24GAQjYlQ/+JivN9NQY5uJgEQYkOgIQ0y5MOg7MZV/t +UAtNHl1QDqP3AOPNbYPUpeG9L1kJfVjjkuNo9MpxFBLKuTNdj4GAU56r+0w2pY8 UmxqqFxss+ss+HextiGlPMPceuFT/8CPhfrAEQTHIOc6njGqhjuVPwUDatu3xvh7 8R1N1pheLcbaAXNbgwAyQkdMeYcNVUy3586zpup5rhwQ9swP2EIOAZ77Ye/OgGz4 v1s3iY7Ir5zmrQo8pgkMf4tv7O1ftOigxKLFinOUN5F2mcXrU64kubpbVIdRchA/ 7CPUxXzPMjZVSl20OuTvpCavj9R4cVP99cE/kTry2q+rmx2N1qDgq133z7vhCOJm 6hkUHw4BJ14d1lYjWiUmVoYQln8q/41DY5pJ6OWSoOG6ASPVTJPGEc2PbXranLBr 2lSPhl7YmPSp894ixveOLM9pTuKE6aBsxmgcQUhENQo3sF8IRzawjZ/SWvuU0NSG m6RIiOF+SCqU1JNaLb7XgHvUny8swcCYt5BG00zLvmYWqr/pZZv/06IXS1NTcb4Y cLkIswT3cH3Cb/qOHs9K+iqFMd6/32q9505CUg381gG/5WwmTGj4tCkXzoC373qv ElwtBaSIQs1ttUsn411BlZwfab4SjmP8f1cjPTd45Z4Gksyp8+wXB0ugAZqexvy8 BQ7BUuIS55o= =ljpU -----END PGP SIGNATURE-----