Microsoft users are potentially at risk from two new vulnerabilities that were recently discovered by Mimecast researchers and for which Microsoft has subsequently released a patch.
The new vulnerabilities were announced by Mimecast in two blog posts, and relate to a remote code execution vulnerability in Microsoft Office, as well as a vulnerability affecting Microsoft Project.
Mimecast says it’s critical that organisations implement Microsoft’s patches for the two vulnerabilities as a matter of urgency.
Given the volume of organisations that use Microsoft Office applications – almost 1.2 billion worldwide – it is vitally important that the appropriate patches be implemented before cybercriminals exploit the vulnerabilities.
Cyberattackers are enhancing their efforts by increasing the size, scope, and sophistication of their attacks.
Due to the widespread use of Microsoft software and applications, they are favourite targets for criminals, who try to exploit vulnerabilities through a growing range of attack methods.
It is therefore critical that organisations implement layers of security that can build greater resilience against cyberthreats throughout the organisation.
Microsoft has released a patch for CVE-2020-1321, titled "Microsoft Office Remote Code Execution Vulnerability", after Mimecast researchers shared their findings through a responsible disclosure process.
If the vulnerability is left unpatched, cybercriminals could exploit it by delivering a Microsoft Office file they constructed via a phishing email, which would both cause a crash and run embedded code just before the programme exits.
The second – CVE-2020-1322 – affects Microsoft Project and can lead to unintentional information disclosure.
Attackers need only get hold of .MPP files that were saved with an unpatched version of Microsoft Project to potentially gain access to information that can be used to further compromise a user’s system. At the time of writing, no known exploits of this vulnerability have been found.
More information about how the vulnerabilities were found and what organisations can do to protect themselves is contained in two blog posts.
Meni Farjon, Chief Scientist Advanced Threat Detection at Mimecast, will be doing a deep dive on these and other vulnerabilities on 6 August at 8:00pm (SA time), at Black Hat USA 2020.
This article was published in partnership with Mimecast.