All you have to do is make an Office document with some ActiveX controls then open up the raw document and check out the. Mimecast’s description of the bug includes the simple steps to replicate the problem.
Maybe it was too simple and obvious? It took Mimecast, a third-party, to find it and notify Microsoft. This security leak has been staring Microsoft in the corporate face for years without detection. Some security bugs in Office are really complex but others are so simple that you have to wonder what has taken Microsoft so long? You can find them on the Developer Tab under Legacy Tools. The security breach involves ActiveX controls which are still supported in Office 2019, 3. Two months later Microsoft fixed the problem in their January 2019 bundle of security bug fixes.
Office for mac 2011 memory leak windows#
All supported Office for Windows are affected from Office 2010 to Office 2019 and Office 365. discovered the ActiveX memory leak back in November 2018 and told Microsoft. If you’ve applied the January 2019 bug fixes, specifically the ones for CVE-2019-0560 then you’re OK. When the document is saved, a chunk of information memory is saved with the document … a great big no, no.Īs Mimecast shows, that info saved to the document could include private information that definitely should not be in a Word document.Įxample from Mimecast of OneDrive/SharePoint link wrongly saved in document.Īs far as anyone knows, this Office security bug has not been used by hackers. You can find them on the Developer Tab under Legacy Tools.Ī hacker can send a document with ActiveX controls, get someone to open the document and enable the ActiveX controls. discovered the ActiveX memory leak back in November 2018 and told Microsoft. The unanswered question, why did it take so long to discover it? Thanks for joining us! You'll get a welcome message in a few moments.Īn astonishingly simple security breach in Microsoft Office has finally been patched two months after Microsoft confirmed the problem.
0 kommentar(er)
