January’s Patch Tuesday contains several security updates, including fixes for five remote code execution (RCE) vulnerabilities in Microsoft’s various Office products. Microsoft has rated the severity of these vulnerabilities as Important since they enable an attacker to execute code as the currently logged in user. Affected versions of the desktop Office suite include Office 2010, 2013 and 2016. SharePoint Sever also had its share of vulnerabilities with Microsoft patching six CVEs ranging from spoofing to more RCE.
Analyst Notes
All 11 vulnerabilities in the Office suite covered by this month’s Patch Tuesday were rated at an Important level of severity. Binary Defense highly recommends everyone allow the Office suite to update. For most, this will happen transparently through Windows Update. Organizations requiring manually deployed updates can follow instructions for each patch in the January 2021 updates for Microsoft Office post.
Source: https://www.bleepingcomputer.com/news/security/office-january-security-updates-fix-remote-code-execution-bugs/
https://support.microsoft.com/en-us/help/4583559/january-2021-updates-for-microsoft-office
