CVE-2020-0760: 
vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2020-0760) was discovered in Microsoft Office, disclosed on April 14, 2020. The vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. This vulnerability affects multiple versions of Microsoft Office products including Office 2016, Access 2016, Excel 2016, and other Office suite applications (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability requires user interaction and can be exploited remotely without requiring privileges (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. If the current user has administrative privileges, the attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights (Rapid7).

Microsoft has released security updates to address this vulnerability. Users should apply the security update KB4484214 for Office 2016 and corresponding updates for other affected Office products. The updates are available through Microsoft Update, Microsoft Update Catalog, and Microsoft Download Center (Microsoft Support).