Vulnerabilities > CVE-2020-1229 - Unspecified vulnerability in Microsoft 365 Apps, Office and Word
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: NONE
Availability impact: NONE
Summary
A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 12 |
Nessus
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS20_JUN_WORD.NASL description The Microsoft Word Products is missing a security update, and Therefore is affected by a security feature bypass vulnerability. An attacker who exploited this vulnerability could cause a system to load remote images which could disclose the IP address of the targeted system to the attacker. last seen 2020-06-13 modified 2020-06-09 plugin id 137272 published 2020-06-09 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137272 title Security Feature Bypass Vulnerability for Word (June 2020) code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#
# Overview: registers plugin 137272 for CVE-2020-1229, then passes the
# per-version entries in `checks` to hotfix_check_office_product(product:'Word')
# and flags the host when that helper returns a true value.
#
# Operational caveat: plugin_type is "local" and the script exits early unless
# the KB items 'SMB/MS_Bulletin_Checks/Possible' and 'SMB/Registry/Enumerated'
# are present, so a host for which those prerequisites were not met produces no
# finding here. Treat "no result" as "not assessed", not as "patched".

include('compat.inc');

# Metadata branch: only sets plugin attributes, then exits before any host check.
if (description)
{
  script_id(137272);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/17");

  # One CVE, three KB articles (cross-referenced as both MSKB and MSFT ids).
  script_cve_id("CVE-2020-1229");
  script_xref(name:"MSKB", value:"4484380");
  script_xref(name:"MSKB", value:"4484396");
  script_xref(name:"MSKB", value:"4484361");
  script_xref(name:"MSFT", value:"MS20-4484380");
  script_xref(name:"MSFT", value:"MS20-4484396");
  script_xref(name:"MSFT", value:"MS20-4484361");
  script_xref(name:"IAVA", value:"2020-A-0255");

  script_name(english:"Security Feature Bypass Vulnerability for Word (June 2020)");

  script_set_attribute(attribute:"synopsis", value: "The Microsoft Word Products are affected by security feature bypass vulnerability.");
  # Stated impact: remote images get loaded, disclosing the system's IP address.
  script_set_attribute(attribute:"description", value: "The Microsoft Word Products is missing a security update, and Therefore is affected by a security feature bypass vulnerability. 
An attacker who exploited this vulnerability could cause a system to load remote images which could disclose the IP address of the targeted system to the attacker.");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/4484380");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/4484396");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/4484361");
  # Remediation text: the three KBs, plus "update via the app" guidance for
  # Office 365 / Office 2016 C2R / Office 2019, for which no KB is listed.
  script_set_attribute(attribute:"solution", value: "Microsoft has released the following security updates to address this issue: -KB4484380 -KB4484396 -KB4484361 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.");

  # Scoring: both vectors rate confidentiality as partial/low with no integrity
  # or availability impact; the CVSS3 vector carries UI:R (user interaction).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1229");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/06/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/09");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:word");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.");

  # Prerequisites: three earlier plugins, one required KB key, and either an SMB
  # port (139/445) or the 'Host/patch_management_checks' KB item.
  script_dependencies("office_installed.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");
  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');
include('install_func.inc');

# Stop unless the bulletin-check prerequisite KB item exists.
get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS20-06';
kbs = make_list( '4484380', '4484396', '4484361' );

# When 'Host/patch_management_checks' is set, the KB list is handed to
# hotfix_check_3rd_party(). That helper lives in an include not shown here;
# presumably it evaluates patch-management data instead of file versions - confirm.
if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

# Exits with code 1 when the 'SMB/Registry/Enumerated' KB item is missing.
get_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1);

# NOTE(review): `port` is not referenced again in this listing; it may be read
# by the included hotfix helpers - verify before removing.
port = kb_smb_transport();

# Per-Office-version thresholds. The 14.0, 15.0 and 16.0 MSI entries carry an
# 'sp' level and a 'kb' id; the remaining 16.0 entries carry a 'channel'
# (one also a 'channel_version') and no 'kb'.
checks = make_array(
  '14.0', make_array('sp', 2, 'version', '14.0.7252.5000', 'kb', '4484380'),
  '15.0', make_array('sp', 1, 'version', '15.0.5249.1000', 'kb', '4484361'),
  '16.0', make_nested_list(make_array('sp', 0, 'version', '16.0.5017.1000', 'channel', 'MSI', 'kb', '4484396'),
    # C2R
    make_array('version', '16.0.11328.20602', 'channel', 'Deferred'),
    make_array('version', '16.0.11929.20838', 'channel', 'Deferred', 'channel_version', '1908'),
    make_array('version', '16.0.12527.20720', 'channel', 'First Release for Deferred'),
    make_array('version', '16.0.12827.20336', 'channel', 'Current'),
    # 2019
    make_array('version', '16.0.12827.20336', 'channel', '2019 Retail'),
    make_array('version', '16.0.10361.20002', 'channel', '2019 Volume')
  )
);

# Positive result: record 'SMB/Missing/MS20-06' in the KB and raise a
# warning-level finding. Otherwise audit the host as not affected.
if (hotfix_check_office_product(product:'Word', checks:checks, bulletin:bulletin))
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_warning();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS20_JUN_OFFICE.NASL description The Microsoft Office Products are missing a security update. It is, therefore, affected by the following vulnerability : - A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system. An attacker who successfully exploited this vulnerability could cause a system to load remote images. These images could disclose the IP address of the targeted system to the attacker. Exploitation of the vulnerability requires that a user open a specially crafted image with an affected version of Microsoft Office software. (CVE-2020-1229) last seen 2020-06-13 modified 2020-06-09 plugin id 137267 published 2020-06-09 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137267 title Security Updates for Microsoft Office Products (June 2020) code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#
# Overview: registers plugin 137267 for CVE-2020-1229, then compares file
# versions of shared Office binaries (mso.dll, wwlibcxm.dll, graph.exe) against
# fixed thresholds via hotfix_check_fversion() and flags the host when any
# comparison returns HCF_OLDER.
#
# Operational caveat: plugin_type is "local" and the script exits early unless
# the KB items 'SMB/MS_Bulletin_Checks/Possible' and 'SMB/Registry/Enumerated'
# are present, so a host for which those prerequisites were not met produces no
# finding here. Treat "no result" as "not assessed", not as "patched".
#
include('compat.inc');

# Metadata branch: only sets plugin attributes, then exits before any host check.
if (description)
{
  script_id(137267);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/17");

  # One CVE, four KB articles (cross-referenced as both MSKB and MSFT ids).
  script_cve_id("CVE-2020-1229");
  script_xref(name:"MSKB", value:"4484342");
  script_xref(name:"MSKB", value:"4484351");
  script_xref(name:"MSKB", value:"4484373");
  script_xref(name:"MSKB", value:"4484378");
  script_xref(name:"MSFT", value:"MS20-4484342");
  script_xref(name:"MSFT", value:"MS20-4484351");
  script_xref(name:"MSFT", value:"MS20-4484373");
  script_xref(name:"MSFT", value:"MS20-4484378");
  script_xref(name:"IAVA", value:"2020-A-0255");

  script_name(english:"Security Updates for Microsoft Office Products (June 2020)");

  script_set_attribute(attribute:"synopsis", value: "The Microsoft Office Products are missing a security update.");
  # Stated impact: remote images get loaded, disclosing the system's IP address;
  # the text says a user must open a specially crafted image.
  script_set_attribute(attribute:"description", value: "The Microsoft Office Products are missing a security update. It is, therefore, affected by the following vulnerability : - A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system. An attacker who successfully exploited this vulnerability could cause a system to load remote images. These images could disclose the IP address of the targeted system to the attacker. Exploitation of the vulnerability requires that a user open a specially crafted image with an affected version of Microsoft Office software. 
(CVE-2020-1229)");
  # The see_also values are shortened links; the comment above each one gives
  # the full KB article URL.
  # https://support.microsoft.com/en-us/help/4484378/security-update-for-office-2010-june-9-2020
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b4dcb740");
  # https://support.microsoft.com/en-us/help/4484373/security-update-for-office-2010-june-9-2020
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?89263810");
  # https://support.microsoft.com/en-us/help/4484342/security-update-for-office-2016-june-9-2020
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c31ba927");
  # https://support.microsoft.com/en-us/help/4484351/security-update-for-office-2013-june-9-2020
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?de8b10ec");
  script_set_attribute(attribute:"solution", value: "Microsoft has released the following security updates to address this issue: -KB4484342 -KB4484351 -KB4484373 -KB4484378");

  # Scoring: both vectors rate confidentiality as partial/low with no integrity
  # or availability impact; the CVSS3 vector carries UI:R (user interaction).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1229");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/06/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/09");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.");

  # Prerequisites: three earlier plugins, one required KB key, and either an SMB
  # port (139/445) or the 'Host/patch_management_checks' KB item.
  script_dependencies("office_installed.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");
  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');
include('install_func.inc');

# Stop unless the bulletin-check prerequisite KB item exists.
get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS20-06';
kbs = make_list( '4484342', '4484351', '4484373', '4484378' );

# When 'Host/patch_management_checks' is set, the KB list is handed to
# hotfix_check_3rd_party(). That helper lives in an include not shown here;
# presumably it evaluates patch-management data instead of file versions - confirm.
if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

# Exits with code 1 when the 'SMB/Registry/Enumerated' KB item is missing.
get_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1);

# Set to TRUE by any version comparison below that returns HCF_OLDER.
vuln = FALSE;
# NOTE(review): `port` is not referenced again in this listing; it may be read
# by the included hotfix helpers - verify before removing.
port = kb_smb_transport();

office_vers = hotfix_check_office_version();

# Office 2010 SP2
# Only evaluated when the recorded service pack is exactly 2. Two files under
# 'Microsoft Shared\Office14' are compared with the same threshold, each tied
# to its own KB. The `||` short-circuits, so the second comparison is skipped
# once the first returns HCF_OLDER.
if (office_vers['14.0'])
{
  office_sp = get_kb_item('SMB/Office/2010/SP');
  if (!isnull(office_sp) && office_sp == 2)
  {
    prod = 'Microsoft Office 2010 SP2';

    path = hotfix_get_officecommonfilesdir(officever:'14.0');
    path = hotfix_append_path(path:path, value:'Microsoft Shared\\Office14');
    if (
      hotfix_check_fversion(file:'mso.dll', version:'14.0.7252.5000', path:path, kb:'4484373', bulletin:bulletin, product:prod) == HCF_OLDER ||
      hotfix_check_fversion(file:'wwlibcxm.dll', version:'14.0.7252.5000', path:path, kb:'4484378', bulletin:bulletin, product:prod) == HCF_OLDER)
      vuln = TRUE;
  }
}

# Office 2013 SP1
# Only evaluated when the recorded service pack is exactly 1; a single mso.dll
# comparison under 'Microsoft Shared\Office15'.
if (office_vers['15.0'])
{
  office_sp = get_kb_item('SMB/Office/2013/SP');
  if (!isnull(office_sp) && office_sp == 1)
  {
    prod = 'Microsoft Office 2013 SP1';

    path = hotfix_get_officecommonfilesdir(officever:'15.0');
    path = hotfix_append_path(path:path, value:'Microsoft Shared\\Office15');
    kb = '4484351';
    file = 'mso.dll';
    version = '15.0.5249.1001';
    if (hotfix_check_fversion(file:file, version:version, path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER )
      vuln = TRUE;
  }
}

# Office 2016
# Both the MSI comparison and the channel-based comparisons below run only when
# 'SMB/Office/2016/SP' is present and equal to 0.
if (office_vers['16.0'])
{
  office_sp = get_kb_item('SMB/Office/2016/SP');
  if (!isnull(office_sp) && office_sp == 0)
  {
    prod = 'Microsoft Office 2016';

    # MSI install: mso.dll under the common-files directory, tied to KB4484342.
    path = hotfix_get_officecommonfilesdir(officever:'16.0');
    path = hotfix_append_path(path:path, value:'Microsoft Shared\\Office16');
    kb = '4484342';
    file = 'mso.dll';
    version = '16.0.5017.1000';
    if (hotfix_check_fversion(file:file, version:version, channel:'MSI', channel_product:'Office', path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER)
      vuln = TRUE;

    prod2019 = 'Microsoft Office 2019';

    # Channel-based builds: graph.exe under the program-files directory, one
    # threshold per channel. None of these calls passes a kb argument. The first
    # four report as `prod`, the two 2019 channels as `prod2019`. The `||` chain
    # short-circuits at the first comparison that returns HCF_OLDER.
    path = hotfix_get_officeprogramfilesdir(officever:'16.0');
    path = hotfix_append_path(path:path, value:'Microsoft Office\\root\\Office16');
    if (
      hotfix_check_fversion(file:'graph.exe', version:'16.0.11328.20602', channel:'Deferred', channel_product:'Office', path:path, bulletin:bulletin, product:prod) == HCF_OLDER ||
      hotfix_check_fversion(file:'graph.exe', version:'16.0.11929.20838', channel:'Deferred', channel_version:'1908', channel_product:'Office', path:path, bulletin:bulletin, product:prod) == HCF_OLDER ||
      hotfix_check_fversion(file:'graph.exe', version:'16.0.12527.20720', channel:'First Release for Deferred', channel_product:'Office', path:path, bulletin:bulletin, product:prod) == HCF_OLDER ||
      hotfix_check_fversion(file:'graph.exe', version:'16.0.12827.20336', channel:'Current', channel_product:'Office', path:path, bulletin:bulletin, product:prod) == HCF_OLDER ||
      # 2019
      hotfix_check_fversion(file:'graph.exe', version:'16.0.12827.20336', channel:'2019 Retail', channel_product:'Office', path:path, bulletin:bulletin, product:prod2019) == HCF_OLDER ||
      hotfix_check_fversion(file:'graph.exe', version:'16.0.10361.20002', channel:'2019 Volume', channel_product:'Office', path:path, bulletin:bulletin, product:prod2019) == HCF_OLDER
    )
      vuln = TRUE;
  }
}

# Positive result: record 'SMB/Missing/MS20-06' in the KB and raise a
# warning-level finding. Otherwise audit the host as not affected.
if (vuln)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_warning();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
The Hacker News
id | THN:882595A940E5AB15E8B9C472154ACA45 |
last seen | 2020-06-10 |
modified | 2020-06-10 |
published | 2020-06-09 |
reporter | The Hacker News |
source | https://thehackernews.com/2020/06/windows-update-june.html |
title | Microsoft Releases June 2020 Security Patches For 129 Vulnerabilities |