Test ID:	1.3.6.1.4.1.25623.1.0.817399
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Oct 2020)
Summary:	This host is missing a critical security; update according to Microsoft Office Click-to-Run updates.
Description:	Summary: This host is missing a critical security update according to Microsoft Office Click-to-Run updates. Vulnerability Insight: Multiple flaws exist due to: - An error when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. - Multiple errors in Microsoft Excel because it fails to properly handle objects in memory. - Multiple errors in Microsoft Outlook because it fails to properly handle objects in memory. - An error in Microsoft Word software when it fails to properly handle .LNK files. - Multiple errors in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. - An error when the Base3D rendering engine improperly handles memory. - An error in Microsoft Office because it fails to properly handle objects in memory. Vulnerability Impact: Successful exploitation will allow an attacker to execute arbitrary code, gain elevated privileges, bypass security restrictions and conduct a denial-of-service condition. Affected Software/OS: Microsoft Office 365 (2016 Click-to-Run). Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-16957 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16957 Common Vulnerability Exposure (CVE) ID: CVE-2020-16929 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16929 https://www.zerodayinitiative.com/advisories/ZDI-20-1251/ Common Vulnerability Exposure (CVE) ID: CVE-2020-16931 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16931 https://www.zerodayinitiative.com/advisories/ZDI-20-1255/ Common Vulnerability Exposure (CVE) ID: CVE-2020-16932 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16932 https://www.zerodayinitiative.com/advisories/ZDI-20-1253/ Common Vulnerability Exposure (CVE) ID: CVE-2020-16947 http://packetstormsecurity.com/files/169961/Microsoft-Outlook-2019-16.0.13231.20262-Remote-Code-Execution.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16947 https://www.zerodayinitiative.com/advisories/ZDI-20-1249/ https://www.zerodayinitiative.com/advisories/ZDI-20-1250/ Common Vulnerability Exposure (CVE) ID: CVE-2020-16949 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16949 Common Vulnerability Exposure (CVE) ID: CVE-2020-16933 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16933 Common Vulnerability Exposure (CVE) ID: CVE-2020-16930 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16930 https://www.zerodayinitiative.com/advisories/ZDI-20-1252/ https://www.zerodayinitiative.com/advisories/ZDI-20-1256/ Common Vulnerability Exposure (CVE) ID: CVE-2020-16955 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955 Common Vulnerability Exposure (CVE) ID: CVE-2020-16928 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16928 Common Vulnerability Exposure (CVE) ID: CVE-2020-16934 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16934 Common Vulnerability Exposure (CVE) ID: CVE-2020-16918 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16918 Common Vulnerability Exposure (CVE) ID: CVE-2020-16954 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16954
Copyright	Copyright (C) 2020 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.