Security 10816 Published by

Microsoft published two Security Advisories: Availability of updates for Microsoft software utilizing the Autodesk FBX library and OpenSSL Remote Denial of Service Vulnerability.





ADV200004 | Availability of updates for Microsoft software utilizing the Autodesk FBX library

Security Advisory

Published: 04/21/2020

Microsoft is announcing the release of updates to address multiple vulnerabilities found in the Autodesk FBX library which is integrated into certain Microsoft applications. Details about the vulnerabilities can be found here -  https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002

Remote code execution vulnerabilities exist in Microsoft products that utilize the FBX library when processing specially crafted 3D content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

To exploit the vulnerabilities, an attacker must send a specially crafted file containing 3D content to a user and convince them to open it.

The security updates address these vulnerabilities by correcting the way 3D content is handled by Microsoft software.

Read more

ADV200007 | OpenSSL Remote Denial of Service Vulnerability

Security Advisory

Published: 04/21/2020

Microsoft is aware of a publicly disclosed remote denial of service vulnerability for OpenSSL version 1.1.1d and newer. Previous versions prior to 1.1.1d are unaffected.

The vulnerability is fixed in version 1.1.1g. For more information, please see the  OpenSSL security advisory.

Microsoft has confirmed Windows is not affected by this vulnerability. We are currently investigating the wider impact and are applying mitigations to services as needed.

Recommended Actions

If you are running a Linux VM or have installed any products that use OpenSSL on Azure, please review the version on your system. We recommend that you check the security blog for the distro you are using.

Win10desk

Read more