Microsoft Outlook CVE-2020-1229 Security Feature Bypass Vulnerability

description-logoDescription

A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system. An attacker who successfully exploited this vulnerability could cause a system to load remote images. These images could disclose the IP address of the targeted system to the attacker. Exploitation of the vulnerability requires that a user open a specially crafted image with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted image to the user. The update addresses the vulnerability by changing how remote images are processed in Outlook.

affected-products-logoAffected Applications

Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 x86
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 x64
Microsoft Office 2019 for Mac
Microsoft Office 2016 for Mac
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office 2019 for 64-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2016 x86
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Word 2016 x64
Microsoft Word 2010 Service Pack 2 (64-bit editions)

CVE References

CVE-2020-1229