Security News > 2020 > April > Patch now! Microsoft issues unexpected Office fix
Well, here's the thing: it seems that the Microsoft Office 2019 and Office 365 ProPlus products from Microsoft include support for FBX files - whether you use FBXes yourself or not - and that the code to process those files comes from Autodesk.
As you probably know, an RCE bug that is present when a vulnerable application processes a booby-trapped file often means that simply opening up or previewing that file could allow crooks to implant malware on your computer.
You typically won't see any of the usual "Do you want to download?" or "This file wants to run a program, are you sure?" warnings, so opening the file will not only feel innocent - as opening up a data file is supposed to be - but also appear innocent, too.
A bug requiring you to click on and open up a rogue file isn't as dangerous as a security hole that can be exploited remotely even when no one's logged in, because you have to be tempted at least to look at the offending item.
Type file explorer in the search bar and launch the Windows File Explorer app; go to the View menu and check the box labelled File Name Extensions.
News URL
https://nakedsecurity.sophos.com/2020/04/24/patch-now-microsoft-issues-unexpected-office-fix/
Related news
- Microsoft Office 2024 now available for Windows and macOS users (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)