Microsoft released the July 2020 Office security updates with a total of 25 security updates and 5 cumulative updates for 7 different products, fixing 17 vulnerabilities that could allow remote attackers to execute arbitrary code on unpatched systems.
All Office security update published by Microsoft as part of July 2020 Patch Tuesday address vulnerabilities that could allow remote code execution on Windows systems running unpatched Microsoft Installer (.msi)-based and Click to Run editions of Microsoft Office products.
The 9 RCE vulnerabilities patched this month are rated by Microsoft as either Critical or Important severity issues since they could enable attackers to execute arbitrary code in the context of the current user after successful exploitation.
The attackers could then install malicious programs, view, change, and delete data, as well as create their own rogue Windows accounts with full permissions on the compromised computers.
Microsoft also patched 8 information disclosure, cross-site scripting (XSS), reflected XSS, and spoofing vulnerabilities affecting the entire Microsoft Office software suite or the SharePoint web-based collaborative platform.
