Описание
Microsoft Office Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.
An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials. An attacker who successfully exploited this vulnerability could perform a phishing attack.
The update addresses the vulnerability by ensuring Microsoft Office properly validates URLs.
FAQ
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?
Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft SharePoint Server 2019 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Связанные уязвимости
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
Уязвимость пакетов программ Microsoft Office, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS