Security News > 2020 > April > Patch now! Microsoft issues unexpected Office fix
Well, here's the thing: it seems that the Microsoft Office 2019 and Office 365 ProPlus products from Microsoft include support for FBX files - whether you use FBXes yourself or not - and that the code to process those files comes from Autodesk.
As you probably know, an RCE bug that is present when a vulnerable application processes a booby-trapped file often means that simply opening up or previewing that file could allow crooks to implant malware on your computer.
You typically won't see any of the usual "Do you want to download?" or "This file wants to run a program, are you sure?" warnings, so opening the file will not only feel innocent - as opening up a data file is supposed to be - but also appear innocent, too.
A bug requiring you to click on and open up a rogue file isn't as dangerous as a security hole that can be exploited remotely even when no one's logged in, because you have to be tempted at least to look at the offending item.
Type file explorer in the search bar and launch the Windows File Explorer app; go to the View menu and check the box labelled File Name Extensions.
News URL
https://nakedsecurity.sophos.com/2020/04/24/patch-now-microsoft-issues-unexpected-office-fix/
Related news
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- Microsoft 365 outage takes down Office web apps, admin center (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- Microsoft fixes bug behind random Office 365 deactivation errors (source)
- What Is Patch Tuesday? Microsoft’s Monthly Update Explained (source)