Share this article

Improve this guide

Patch Tuesday keeps your Office suite safe from attackers

2 min. read

Published onDecember 10, 2019

published onDecember 10, 2019

Share this article

Improve this guide

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

December 2019 Patch Tuesdayupdates are finally here, and besides the usual non-securityupdates, this time Microsoft is fixing some denial of service vulnerabilities found in the Microsoft Office suite.

More specifically,Microsoft Word,Excel, andPowerPointare getting patched throughsecurity updates. This means that they will not be exploitable anymore, as long as you update, of course.

Microsoft’s Office suite is getting patched for vulnerabilities

Microsoft’s Office suite is getting patched for vulnerabilities

Microsoft Word – CVE-2019-1461

CVE-2019-1461 is a denial of servicevulnerabilitythat is present inMicrosoft Wordwhen the software can’t handleobjects in memory. As a result, attackers could implement a remote denial of service.

It’s worth mentioning that this action can take place only when a specific document is accessed by a vulnerable user. Microsoft is recommending the installation of the latestupdatesto addressthis issue.

Microsoft PowerPoint – CVE-2019-1462

CVE-2019-1462 is a denial of servicevulnerabilitythat is present inMicrosoft PowerPointand is very similar to the one found inWord. But unlike that one, the exploitation ofCVE-2019-1462allows an attacker torun arbitrary code in the context of the current user:

If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

For this attack to manifest itself, a user would have to open a specific file from an email or to click on a certain link on a website.

Microsoft Excel – CVE-2019-1464

CVE-2019-1464 is ainformation disclosurevulnerabilitythat is present inMicrosoft Excel. This means that the exploitation of thisvulnerabilitycould lead to loss of sensitive data.

The attack could take place only if a user would open a specific file. Microsoft is recommending the installation of the latestupdatesto addressthis issue.

Just to be clear, all thesevulnerabilitiesare addressed by the Redmond giant in the latestupdates. If you want to keep your PC safe and updated, download and install the December 2019Patch Tuesdayfromthis link.

READ ALSO:

More about the topics:MS Office

Vlad Turiceanu

Windows Editor

Passionate about technology,Windows, and everything that has a power button, he spent most of his time developing new skills and learning more about the tech world.

Coming from a solid background in PC building and software development, with a complete expertise in touch-based devices, he is constantly keeping an eye out for the latest and greatest!

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Vlad Turiceanu

Windows Editor

Coming from a solid background in PC building and software development, he’s a Windows 11 Privacy & Security expert.