Multiple vulnerabilities in microsoft office

Protect the U Menu. Privacy Menu. Report an IT Security Incident. You are here Home. Summary Multiple vulnerabilities have been discovered in Microsoft Office that could allow remote code execution. Problem Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Action Items Apply the Microsoft patches as soon as possible after appropriate expedited testing.

Threats Microsoft has reported that CVE is being exploited in the wild. Technical Details Multiple vulnerabilities have been discovered in Microsoft Office, several of which could allow for remote code execution: CVE is a memory-corruption vulnerability that could allow for remote code execution. It exists in Microsoft Office software when the Office software fails to properly handle rich text format files in memory.

An attacker who successfully exploits the vulnerability could use a specially crafted file to perform actions in the security context of the current user. Eight vulnerabilities have been reported in Microsoft Office, one of which has been publicly disclosed. Seven of these vulnerabilities can be triggered by opening a specially crafted file and can be exploited via email or through the web. In the email-based scenario, the user would have to open the specially crafted file as an email attachment.

In the web based scenario, a user would have to open the specially crafted file that is hosted on a website. When the user opens the file, the attacker's supplied code will execute. The eighth vulnerability requires an attacker to leverage a separate vulnerability and execute code in Internet Explorer.

If you have Microsoft Office installed on your own computer that is not managed by the university, update to the latest version as soon as possible. It is best to set Office to check for updates automatically.

In general, the best protection for your devices is this: keep your software and apps up-to-date, do not click suspicious links in email, do not open email attachments unless you are expecting them and trust the person who sent them, and only use secure, trusted networks.

Please contact iia. Best online nonprofit management degrees Top picks. Best online master's in information systems Top picks. Best online master's in computer engineering Top picks.

Best online human resources doctorate Top picks. Best online information technology doctorate Top picks. Best online sports management associate degrees Top picks. You agree to receive updates, promotions, and alerts from ZDNet.

You may unsubscribe at any time. By signing up, you agree to receive the selected newsletter s which you may unsubscribe from at any time. You also agree to the Terms of Use and acknowledge the data collection and usage practices outlined in our Privacy Policy. What are you looking for?