Microsoft Office 365’s SharePoint has a dangerous remote code execution flaw. On Tuesday, Office 365 released its latest patches, which addressed bugs affecting Microsoft Edge and Office apps such as Excel and Outlook.
The recent Patch Tuesday release, the last of 2020, contained over 58 fixes in total, nine of them for critical bugs. The most pressing issues addressed in the release affect SharePoint, with two critical remote code execution flaws discovered in Office 365. The SharePoint flaws are tracked as CVE-2020-17118 and CVE-2020-17121. While CVE-2020-17118 requires threat actors to have basic user privileges in order to exploit it, CVE-2020-17121 can be exploited remotely without any authentication.
In order to execute these attacks, a malicious actor would simply need to trick an unsuspecting user into opening compromised Office files.