Security News > 2021 > February > Microsoft Office February security updates patch Sharepoint, Excel RCE bugs
Microsoft has addressed important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates.
Microsoft also released non-security Office updates last week addressing bugs that may lead to PowerPoint crashes and other issues affecting Windows Installer editions of Office 2016, Office 2013, and Office 2010 products.
The company issued the February 2021 Patch Tuesday updates yesterday, with patches for a Windows Win32k elevation of privilege zero-day exploited in the wild and 56 other security vulnerabilities, 11 of them classified as critical severity.
Microsoft urged customers to install security updates for three critical and high severity Windows TCP/IP security bugs as soon as possible due to the elevated exploitation risk and potential denial-of-service attacks that could soon target unpatched systems.
This month's Office security updates address bugs exposing Windows systems running vulnerable Click to Run and Microsoft Installer-based editions of Microsoft Office products to remote code execution, information disclosure, and spoofing attacks.
Microsoft Office security updates can be installed through the Microsoft Update platform or via Microsoft's Download Center.
News URL
Related news
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Microsoft Office 2024 now available for Windows and macOS users (source)
- Microsoft SharePoint RCE bug exploited to breach corporate network (source)
- Microsoft overhauls security for publishing Edge extensions (source)
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)