“A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.”
This vulnerability was overshadowed by the SMBv3 remote code execution vulnerability “announced” at the same time, as we have written about earlier. Basefarm evaluated this to be just as likely, if not more so, to cause major infections in a corporate environment. It requires some user action to successfully exploit, but opening a document is not an action most users consider risky.
Basefarm recommends applying this patch as soon as possible, even though there is no known exploitation and no proof of concept published, because if a campaign starts up exploiting this on a Friday afternoon you will not have enough time to react.
This affects Microsoft Office (certain versions) AND SharePoint Server 2019.
Basefarm is tracking this internally as BF-VLN-2004690.