CVE-2020-16955 : What You Need to Know

Learn about CVE-2020-16955, an elevation of privilege vulnerability in Microsoft Office Click-to-Run (C2R) AppVLP. Find out affected systems, versions, and mitigation steps.

Microsoft Office Click-to-Run Elevation of Privilege Vulnerability was published on October 16, 2020, with a CVSS base score of 7.8.

Understanding CVE-2020-16955

An elevation of privilege vulnerability in Microsoft Office Click-to-Run (C2R) AppVLP allows attackers to elevate privileges by exploiting how certain files are handled.

What is CVE-2020-16955?

The vulnerability in Microsoft Office Click-to-Run (C2R) AppVLP enables attackers to elevate privileges by manipulating specific files.

The Impact of CVE-2020-16955

Successful exploitation could lead to unauthorized privilege escalation within affected systems.

Technical Details of CVE-2020-16955

Microsoft Office Click-to-Run Elevation of Privilege Vulnerability affects multiple Microsoft Office versions.

Vulnerability Description

        The vulnerability arises from how Microsoft Office Click-to-Run (C2R) components process files.
        Attackers can exploit this flaw by tricking users into opening malicious files.

Affected Systems and Versions

        Microsoft Office 2013 Click-to-Run (C2R) versions earlier than 15.0.5571.1000 on 32-bit and x64-based systems.
        Microsoft Office 2019 and Microsoft 365 Apps for Enterprise on both 32-bit and x64-based systems.
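
As an added example (not part of the original advisory, and not Microsoft tooling), this Python script triages an exported build inventory against the Office 2013 C2R threshold listed above. The CSV layout, host names and sample build numbers are constructed for illustration; builds outside the 15.0 line are only flagged as having no threshold on this page.

```python
import csv
import io

# Fixed build for Office 2013 C2R, as stated on this page.
FIXED_2013_C2R = (15, 0, 5571, 1000)

# Constructed sample inventory (assumed format: host, product, C2R build).
SAMPLE_INVENTORY = """host,product,version
ws-001,Office 2013 C2R,15.0.5267.1000
ws-002,Office 2013 C2R,15.0.5571.1000
ws-003,Microsoft 365 Apps for Enterprise,16.0.13127.20508
ws-004,Office 2013 C2R,15.0.5589.1001
ws-005,Office 2013 C2R,15.0.unknown
"""


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a.b.c.d."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        return None
    try:
        return tuple(int(p) for p in parts)
    except ValueError:
        return None


def classify(version_text):
    """Classify one build string against the threshold given on this page."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"  # needs manual follow-up, never assume patched
    if version[:2] == (15, 0):  # Office 2013 builds are 15.0.x.y
        return "vulnerable" if version < FIXED_2013_C2R else "patched"
    # The page lists Office 2019 / Microsoft 365 Apps without a fixed build.
    return "no-threshold-on-page"


def triage(inventory_csv):
    """Map each host in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["version"]) for row in rows}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as unparseable or no-threshold-on-page still need checking against Microsoft's update guidance rather than being treated as patched.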

Exploitation Mechanism

        Attackers need to persuade users to open specially crafted files to exploit the vulnerability.

Mitigation and Prevention

Immediate Steps to Take:

        Apply the security update provided by Microsoft to address the vulnerability.

Long-Term Security Practices:

        Educate users on safe file handling practices to prevent exploitation.
        Implement security measures to detect and block malicious files.
        Regularly update Microsoft Office to patch known vulnerabilities.
