December 2019 Patch Tuesday updates are finally here, and besides the usual non-security updates, this time Microsoft is fixing some denial of service vulnerabilities found in the Microsoft Office suite.
More specifically, Microsoft Word, Excel, and PowerPoint are getting patched through security updates. This means that they will not be exploitable anymore, as long as you update, of course.
Microsoft’s Office suite is getting patched for vulnerabilities
Microsoft Word – CVE-2019-1461
CVE-2019-1461 is a denial of service vulnerability that is present in Microsoft Word when the software can’t handle objects in memory. As a result, attackers could implement a remote denial of service.
It’s worth mentioning that this action can take place only when a specific document is accessed by a vulnerable user. Microsoft is recommending the installation of the latest updates to address this issue.
Microsoft PowerPoint – CVE-2019-1462
CVE-2019-1462 is a denial of service vulnerability that is present in Microsoft PowerPoint and is very similar to the one found in Word. But unlike that one, the exploitation of CVE-2019-1462 allows an attacker to run arbitrary code in the context of the current user:
If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
For this attack to manifest itself, a user would have to open a specific file from an email or to click on a certain link on a website.
Microsoft Excel – CVE-2019-1464
CVE-2019-1464 is a information disclosure vulnerability that is present in Microsoft Excel. This means that the exploitation of this vulnerability could lead to loss of sensitive data.
The attack could take place only if a user would open a specific file. Microsoft is recommending the installation of the latest updates to address this issue.
Just to be clear, all these vulnerabilities are addressed by the Redmond giant in the latest updates. If you want to keep your PC safe and updated, download and install the December 2019 Patch Tuesday from this link.
- Best practices for Microsoft Patch Tuesday
- How to download the latest Patch Tuesday updates
- Exploit Wednesday & Uninstall Thursday: Stay safe after Patch Tuesday