CVE-2020-1338 : Security Advisory and Response

Learn about CVE-2020-1338, a remote code execution vulnerability in Microsoft Word that allows unauthorized actions on behalf of the user. Find out affected systems and mitigation steps.

A remote code execution vulnerability in Microsoft Word can allow attackers to take actions on behalf of the user.

Understanding CVE-2020-1338

What is CVE-2020-1338?

A remote code execution vulnerability in Microsoft Word allows attackers to exploit specially crafted files to perform actions in the user's security context.

The Impact of CVE-2020-1338

Exploitation of this vulnerability could lead to unauthorized actions being taken on behalf of the user.

Technical Details of CVE-2020-1338

Vulnerability Description

        The vulnerability arises from improper handling of objects in memory by Microsoft Word.
        Attackers can execute actions as the current user through a malicious file.

Affected Systems and Versions

        Microsoft SharePoint Server 2019 (Version 16.0.0)
        Microsoft Office 2019 (Version 19.0.0)
        Microsoft Office 2019 for Mac (Version 16.0.0)
        Microsoft Office Online Server (Version 16.0.1)
        Microsoft 365 Apps for Enterprise (Version 16.0.1)
        Microsoft Office 2016 for Mac (Version 16.0.0)

Exploitation Mechanism

        Exploitation requires a user to open a specially crafted file with an affected version of Microsoft Word.
        Attackers can employ email or web-based scenarios to trick users into opening these files.

Mitigation and Prevention

Immediate Steps to Take

        Apply the security update provided by Microsoft to fix the vulnerability.

Long-Term Security Practices

        Exercise caution when opening files from unknown or untrusted sources.
        Keep software up to date so that known vulnerabilities are patched.
        Educate users on recognizing and avoiding phishing attempts.
        Consider using email filters and web filters to block malicious content.

Patching and Updates

        Utilize Microsoft's security updates for Microsoft Word to patch the vulnerability.
