Update KB3185852 resolves various vulnerabilities in Microsoft Office


Ivan Jenic
by Ivan Jenic
Author
Loading Comments

During a Patch Tuesday, Microsoft not only releases updates for various versions of Windows, but also for its other products. This month’s Patch Tuesday introduced the security update KB3185852 for various versions of Microsoft Office, removing some previously discovered vulnerabilities.

The update is pretty versatile and big, as it covers both Microsoft Office suites and standalone products. Products affected by this update are various versions of Office suits, Word, Excel, PowerPoint, but also Outlook, Office Viewers, SharePoint, Office Web Apps, and more.

“The security update addresses the vulnerabilities by correcting how:

  • Microsoft Office saves documents.

  • Click-to-Run components handle memory addresses.

  • affected versions of Office and Office components handle objects in memory.

  • Microsoft Outlook determines the end of MIME messages.”

Perhaps the biggest highlight of this update is that it changes how Outlook determines the end of a MIME message. An improper MIME attachment ending may lead a malicious email to bypassing antivirus and antispam controls, and plague a user’s computer with an unwanted software or document. We say that this improvement is the most important one, because millions of users receive a ton of spam messages every day, and one of them might be from a hacker.

Of course, the update resolves even more vulnerabilities, including  memory corruption, spoofing, and information disclosure vulnerabilities.

For more info about KB3185852, and which improvements it brings to your version of Office, check out TechNet’s support page.

RELATED STORIES YOU NEED TO CHECK OUT: