Microsoft fixes critical Outlook bug exploitable via preview pane
2020-10-14 12:43

The highlight of this month's Microsoft Office security updates is without a doubt CVE-2020-16947, a vulnerability that leads to remote code execution when maliciously crafted emails are previewed or opened in a vulnerable Microsoft Outlook version.

CVE-2020-16947 affects several Office products including Microsoft Outlook 2016 and Microsoft Office 2019, as well as Microsoft 365 Apps for Enterprise.

The October 2020 Patch Tuesday Office security updates address remote code execution, security bypass, elevation of privilege, denial of service, information disclosure, and cross-site scripting vulnerabilities on Windows systems running vulnerable Microsoft Installer and Click to Run editions of Microsoft Office products.

This month's Microsoft Office security updates are delivered via the Microsoft Update platform and through the Download Center.

US Cyber Command warned Microsoft customers to immediately patch the Bad Neighbor bug known to affect multiple client and server platforms.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-fixes-critical-outlook-bug-exploitable-via-preview-pane/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2020-10-16 | CVE-2020-16947 | Out-of-bounds Write vulnerability in Microsoft 365 Apps, Office and Outlook | 7.5

A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. (network, high complexity, microsoft, CWE-787)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 723 805 4705 4715 3646 13871