Security News > 2021 > February > Microsoft Office February security updates patch Sharepoint, Excel RCE bugs
Microsoft has addressed important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates.
Microsoft also released non-security Office updates last week addressing bugs that may lead to PowerPoint crashes and other issues affecting Windows Installer editions of Office 2016, Office 2013, and Office 2010 products.
The company issued the February 2021 Patch Tuesday updates yesterday, with patches for a Windows Win32k elevation of privilege zero-day exploited in the wild and 56 other security vulnerabilities, 11 of them classified as critical severity.
Microsoft urged customers to install security updates for three critical and high severity Windows TCP/IP security bugs as soon as possible due to the elevated exploitation risk and potential denial-of-service attacks that could soon target unpatched systems.
This month's Office security updates address bugs exposing Windows systems running vulnerable Click to Run and Microsoft Installer-based editions of Microsoft Office products to remote code execution, information disclosure, and spoofing attacks.
Microsoft Office security updates can be installed through the Microsoft Update platform or via Microsoft's Download Center.
News URL
Related news
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- CISA tags Microsoft SharePoint RCE bug as actively exploited (source)
- Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) (source)
- Microsoft Office LTSC 2024 preview available for Windows, Mac (source)
- Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft fixes Outlook security alerts bug caused by December updates (source)