• CVE-2020-0852 RCE Word vuln

    #2190005

    So this is a pretty nasty RCE vulnerability, using a specially crafted Word doc which can be triggered just by previewing the doc in Outlook.

    Looking at MS’ page on it:

    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0852

    I’m not seeing Office 2016 (for Windows) in the list. But I’m also not seeing any news on this vuln only applying to Office 2019.

    Does anyone here have any more info or links? Trying to work out whether I should be worried about this one or not (we don’t use 2019 yet).

    • #2190040

      As I mentioned in the main post:

      CVE-2020-0852 is his [Dustin Childs’] top pick for a notable security hole. It’s a bug in Word that can be triggered if you preview a Word document in Outlook. The offered patches are for Office 2019 Click-to-Run, Mac Office 2016, Office Online Server, and SharePoint Server 2019. Microsoft categorizes it as “Exploitation less likely.”

      I don’t have any additional info. Sorry.

      This blurb from Office Watch hits the nail on the head:

      Sadly, this kind of sloppy documentation of Microsoft security bugs is typical. They are intended to give the impression of disclosure without really informing customers of the true nature of the problem.

      2 users thanked author for this post.
    • #2190058

      Hi Woody,

      I appreciate you taking the time out to reply; and to also confirm my worst suspicions 🙁

      2 users thanked author for this post.