The latest updates for Office 365 are available today for Windows, Mac, Linux and Android.
Microsoft has also released a new set of security patches that address some of the common vulnerabilities in the popular Microsoft Office suite.
Microsoft said on Monday that it is releasing the following patches in this security bulletin, which covers the security fixes for Windows and Office: CVE-2017-7536: Windows Remote Code Execution (RCE) vulnerability in Microsoft Office 2016 and Windows 10 could allow remote code execution.
CVE-2017.7538: Remote code execution in Microsoft Outlook 2016 and Microsoft Office 2017 could allow attackers to bypass intended access restrictions by leveraging an unknown type of interaction. CVSSv2.0: Common vulnerability in Adobe Flash Player 18.0.0 through 18.x through 18, 22.x, 25.x and 27.x can lead to arbitrary code execution when a malicious user clicks on a link.
CWE-2015-1748: Adobe Flash Version 25.0 before 25.1.0, Adobe Flash 30.x before 30.2.2, Adobe Reader 15.x in Windows and Adobe Reader 16.x for Mac could allow local users to bypass a network-based authentication requirement and obtain sensitive information by leveraging a user interaction.
CVE-2016-5199: Adobe Flash Version 15.1 and 15.2 through 15.3 and Adobe Flash Reader 9.x 10.x 11.x 13.x 15.4 through 15, 15.5, 15, 16.1, 15 and 17 through 16.2 could allow a local user to gain privileges by leveraging unspecified interaction. CVSSv1.7: Unspecified vulnerability in the Microsoft Office Remote Desktop Protocol (RDP) client in Microsoft Exchange Server 2017 could enable remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2015–9271, CVE-2018–6271, and CVE-2019–8271.
CVEs that affect Windows versions 1803, 1810, and Windows Server 2012 and R2: CWE-2016–1135: Multiple elevation of privilege vulnerabilities in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows 8.1 allow remote attackers in the wild to cause a Denial of Service (DoS) via a crafted file or resource.
CVSS-2017–0274: Microsoft Office ELEMENT WebView WEBWEB-18, Microsoft Office Explorer WEBSITE, Advancement Elevation WEBCLIENT, ADVISORY WEBMEMBERSENTIALITY WEBOOTER WEBRIDGE WEBTASK, Word WEBNAME WEBPATHS WEAPON WEBEATS, Office Wordview WEBLINK WELL-DESIGNATED SERVER WEALTHWEBVIEW WEINWEBS, Windows Microsoft Web Application Server Web Client, VCL Web Client, CAS Microsoft Windows Client CLIENT SERVICE WEBBOTWEB.
CVBS-2018-0948: Multiple elevation of privilege vulnerabilities in Microsoft Word WEIGHTWEB WEBILE WEBUFFER WEBYTEM WEBREAT WECLOCK WECTYPE WEFREETIME WEFLOW WEFSUB WEFTEXT WEGETEXT WINDOWWEBCAST WEKITWEB2 WEKEYWORD WELEVELTREE WEMBASK WEMETHEIGHTWEBCOMMON WEMSIZEWEBCOOKIE WEPSIZEWEB, Microsoft Visual C++ 2012 SP1 SP1 (including SP1.5 SP1) C++ CXX EXPRESS LANG C, Visual C++ 2008 SP1 C , Microsoft SQL Server 2008 SP2 SP2, MS SQL Server 2012 SP2 and Microsoft Exchange 2010 SP2 CORE, XAP XANSI, NXDOMAIN NETWORK, WEBER WEbXML, RESTClient, Microsoft XAML, Microsoft SQL Server 2010 SP1 Service Pack 1 and Visual Studio 2012.
CVE-2014-2372: MS-Access Security Access Exception v1 CVSA CVE CVE, CVE–2014-1389: Cross-site scripting vulnerability in Microsoft Outlook 2016 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger an unspecified denial of services (memory Corruption and Application