CVE-2020-0991: 
vulnerability analysis and mitigation

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory (CVE-2020-0991). The vulnerability was disclosed and patched in April 2020 as part of Microsoft's regular security updates (Microsoft Support).

The vulnerability affects Microsoft Office 2016 and related components. The security update addresses the vulnerability by correcting how Microsoft Office software handles objects in memory. The fix was included in security update 4484287 for both 32-bit and 64-bit versions of Office 2016 (Microsoft Support).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. If the current user has administrative privileges, the attacker could take control of the affected system, install programs, view/change/delete data, or create new accounts with full user rights (Microsoft Support).

Microsoft released security update 4484287 to address this vulnerability. The update is available through Microsoft Update, Microsoft Update Catalog, and Microsoft Download Center. Users can obtain the update through automatic updates or by downloading the standalone package for either 32-bit or 64-bit versions of Office 2016 (Microsoft Support).