Security News > 2020 > April > Patch now! Microsoft issues unexpected Office fix

Well, here's the thing: it seems that the Microsoft Office 2019 and Office 365 ProPlus products from Microsoft include support for FBX files - whether you use FBXes yourself or not - and that the code to process those files comes from Autodesk.

As you probably know, an RCE bug that is present when a vulnerable application processes a booby-trapped file often means that simply opening up or previewing that file could allow crooks to implant malware on your computer.

You typically won't see any of the usual "Do you want to download?" or "This file wants to run a program, are you sure?" warnings, so opening the file will not only feel innocent - as opening up a data file is supposed to be - but also appear innocent, too.

A bug requiring you to click on and open up a rogue file isn't as dangerous as a security hole that can be exploited remotely even when no one's logged in, because you have to be tempted at least to look at the offending item.

Type file explorer in the search bar and launch the Windows File Explorer app; go to the View menu and check the box labelled File Name Extensions.

News URL

https://nakedsecurity.sophos.com/2020/04/24/patch-now-microsoft-issues-unexpected-office-fix/