Security News > 2020 > April > Patch now! Microsoft issues unexpected Office fix

Well, here's the thing: it seems that the Microsoft Office 2019 and Office 365 ProPlus products from Microsoft include support for FBX files - whether you use FBXes yourself or not - and that the code to process those files comes from Autodesk.
As you probably know, an RCE bug that is present when a vulnerable application processes a booby-trapped file often means that simply opening up or previewing that file could allow crooks to implant malware on your computer.
You typically won't see any of the usual "Do you want to download?" or "This file wants to run a program, are you sure?" warnings, so opening the file will not only feel innocent - as opening up a data file is supposed to be - but also appear innocent, too.
A bug requiring you to click on and open up a rogue file isn't as dangerous as a security hole that can be exploited remotely even when no one's logged in, because you have to be tempted at least to look at the offending item.
Type file explorer in the search bar and launch the Windows File Explorer app; go to the View menu and check the box labelled File Name Extensions.
News URL
https://nakedsecurity.sophos.com/2020/04/24/patch-now-microsoft-issues-unexpected-office-fix/
Related news
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- Microsoft: New Windows scheduled task will launch Office apps faster (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Fake Microsoft Office add-in tools push malware via SourceForge (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Microsoft releases emergency update to fix Office 2016 crashes (source)
- Microsoft blocks ActiveX by default in Microsoft 365, Office 2024 (source)
- Microsoft: Office 2016 and Office 2019 reach end of support in October (source)