[ JAN 11, 2019 ]
A vulnerability in Microsoft Office allowed documents with embedded ActiveX controls to leak user information, including sensitive information like passwords.
The flaw was discovered by Israel-based company Mimecast in November, and according to a timeline published by the firm, it was reported to Microsoft on November 6. The software giant managed to reproduce the issue two days later, and on December 12 it confirmed that a fix would be shipped in January.
Microsoft confirmed the vulnerability and detailed it under CVE-2019-0560. According to the company, it affects Office 2010, Office 2013, Office 2016, and Office 2019, as well as Office 365 ProPlus. Patches have already been released for all these products, and they carry an Important severity rating.
“To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created,” Microsoft explains.
Cyber Security Tip:
- Installing the January 2019 security updates resolves the vulnerability and keeps devices protected against any potential exploit.