HomeWinBuzzer NewsMicrosoft Office and Paint 3D Patches Arrive for Autodesk Vulnerabilities

Microsoft Office and Paint 3D Patches Arrive for Autodesk Vulnerabilities

Last week, Autodesk confirmed several security flaws across products. Microsoft Office and Paint 3D include Autodesk features and have been patched.

-

Users of several services are receiving an important security update. Redmond has rolled out patches for , , and Paint 3D. According to Microsoft, the updates squash recently discovered bugs in the Autodesk FBX 3D library.

Those named Microsoft services all have integration with the Autodesk, which is a library for the FBX file format for 3D animations. Among those products are Paint 3D Microsoft Office 2016 Click-to-Run, Microsoft Office 2019, and . All affected Office products are for 32-bit and 64-bit systems.

Microsoft points out the vulnerabilities were “important” and not “critical” even though they would allow bad actors to execute remote code execution attacks through Autodesk FBX. However, attacks would need to have system access as a credentialed local user to affect the Microsoft products.

“Remote code execution vulnerabilities exist in Microsoft products that utilize the FBX library when processing specially crafted 3D content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

Autodesk Vulnerabilities

Autodesk confirmed the problem in an advisory last week. The AutoCAD developer says all apps that use FBX-SDK Version 2020.0 or earlier have the bug. There are several vulnerabilities, such as in type confusion, use-after-free, buffer overflow, NULL pointer dereference, integer overflow, and heap overflow vulnerabilities.

Those vulnerabilities are listed as CVE-2020-7081, CVE-2020-7082, CVE-2020-7080, CVE-2020-7084, CVE-2020-7083, and CVE-2020-7085. Specific Autodesk products are directly affected by the bugs, including Motion Builder, AutoCAD, Mudbox, Maya, Fusion, Infraworks, Revit, and Navisworks.

The company thanks Microsoft's Security Response Center Vulnerabilities and Mitigations Team for helping to identify the problems.

Last Updated on September 14, 2020 4:24 pm CEST by Luke Jones

SourceMicrosoft
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News