CVE-2020-16855 : What You Need to Know

Learn about CVE-2020-16855, an information disclosure vulnerability in Microsoft Office software that could expose memory contents, impacting Microsoft Office 2019 and 2016 for Mac. Find out how to mitigate this vulnerability.

CVE-2020-16855, a Microsoft Office information disclosure vulnerability, was published on September 11, 2020 and affects Microsoft Office 2019 and 2016 for Mac. An uninitialized variable in Microsoft Office software could lead to information disclosure.

Understanding CVE-2020-16855

This CVE identifies an information disclosure vulnerability in Microsoft Office software that could allow an attacker to view out-of-bounds memory contents.

What is CVE-2020-16855?

An information disclosure vulnerability in Microsoft Office software could potentially expose memory contents due to an uninitialized variable, allowing unauthorized access to sensitive information.

The Impact of CVE-2020-16855

The vulnerability could be exploited with a specially crafted file, enabling an attacker to view out-of-bounds memory, potentially leading to unauthorized access to sensitive data.

Technical Details of CVE-2020-16855

This section provides technical insights into the vulnerability.

Vulnerability Description

The vulnerability arises from an uninitialized variable in Microsoft Office software, leading to out-of-bounds memory access and potential information disclosure.
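The bug class described above, shown as an added example that is not Microsoft's code and does not reproduce the Office flaw, whose details this page does not give. The record layout and both function names are hypothetical; the vulnerable form is compiled only when SHOW_VULNERABLE is defined, and the hardened form is what a reviewer should expect to see.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout, constructed for this example:
 * rec[0] = tag; when tag == 0x01, rec[1] = payload length, payload follows. */

#ifdef SHOW_VULNERABLE
/* Vulnerable pattern: len is assigned only for tag 0x01. A crafted record
 * with any other tag leaves it holding stale stack data, so memcpy reads
 * beyond the input and copies neighbouring memory into out. */
size_t copy_payload_unsafe(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    size_t len;                               /* BUG: never initialized */
    if (rec_len >= 2 && rec[0] == 0x01)
        len = rec[1];
    memcpy(out, rec + 2, len);                /* unchecked, maybe garbage */
    return len;
}
#endif

/* Hardened form: every variable has a defined value on every path, unknown
 * tags are rejected, and the length is checked against input and output. */
int copy_payload_safe(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap, size_t *copied)
{
    size_t len = 0;
    *copied = 0;
    if (rec == NULL || rec_len < 2 || rec[0] != 0x01)
        return -1;                            /* malformed or unknown tag */
    len = rec[1];
    if (len > rec_len - 2 || len > out_cap)
        return -1;                            /* would read or write out of bounds */
    memcpy(out, rec + 2, len);
    *copied = len;
    return 0;
}

int main(void)
{
    const uint8_t crafted[] = { 0x02, 0x00 }; /* constructed: unknown tag */
    uint8_t out[16];
    size_t n;
    int rc = copy_payload_safe(crafted, sizeof crafted, out, sizeof out, &n);
    printf("rc=%d copied=%zu\n", rc, n);
    return 0;
}
```

Compiler warnings for uninitialized variables and memory-sanitizer builds are the usual ways to catch this pattern before release.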

Affected Systems and Versions

        Microsoft Office 2019 for Mac version 16.0.0
        Microsoft Office 2016 for Mac version 16.0.0

Exploitation Mechanism

Exploiting the vulnerability requires a user to open a specially crafted file using the affected Microsoft Office software.

Mitigation and Prevention

Protecting systems from CVE-2020-16855 is crucial to prevent information disclosure.

Immediate Steps to Take

        Apply the security update provided by Microsoft to address the vulnerability.
        Avoid opening files from untrusted or unknown sources.

Long-Term Security Practices

        Regularly update Microsoft Office software to the latest version.
        Implement security best practices to prevent unauthorized access to sensitive information.

Patching and Updates

Ensure timely installation of security patches and updates to mitigate the risk of information disclosure.
