CVE-2020-17020 : What You Need to Know

Microsoft Word Security Feature Bypass Vulnerability was published on November 11, 2020, affecting various Microsoft Office versions.

Understanding CVE-2020-17020

This CVE identifies a Security Feature Bypass vulnerability in Microsoft Word.

What is CVE-2020-17020?

The CVE-2020-17020 vulnerability pertains to a Security Feature Bypass issue in Microsoft Word.

The Impact of CVE-2020-17020

The vulnerability has a base severity of LOW with a CVSS base score of 3.3. It allows attackers to bypass security features in Microsoft Word.

Technical Details of CVE-2020-17020

This section provides technical insights into the CVE-2020-17020 vulnerability.

Vulnerability Description

The vulnerability allows for a Security Feature Bypass in Microsoft Word, potentially compromising system security.

Affected Systems and Versions

Microsoft Office 2019 (Version 19.0.0)
Microsoft 365 Apps for Enterprise (Version 16.0.1)
Microsoft Word 2016 (Version 16.0.1)
Microsoft Office 2010 Service Pack 2 (Version 13.0.0.0)
Microsoft Word 2010 Service Pack 2 (Version 13.0.0.0)
Microsoft Word 2013 Service Pack 1 (Version 15.0.1)

Exploitation Mechanism

The vulnerability can be exploited by attackers to bypass security controls in the affected Microsoft Word versions.

Mitigation and Prevention

Protect your systems from CVE-2020-17020 with the following measures:

Immediate Steps to Take

Apply security updates from Microsoft.
Consider restricting access to vulnerable systems.
Educate users on safe document handling practices.

Long-Term Security Practices

Regularly update Microsoft Office to the latest versions.
Implement security best practices for document handling and email attachments.

Patching and Updates

Ensure timely installation of security patches and updates provided by Microsoft to address the CVE-2020-17020 vulnerability.