Microsoft 365 Apps

stack.watch can notify you when security vulnerabilities are reported in Microsoft 365 Apps. You can add multiple products that you use with 365 Apps to create your own personal software stack watcher.

By the Year

In 2020 there have been 3 vulnerabilities in Microsoft 365 Apps with an average score of 7.7 out of ten. Last year 365 Apps had 0 security vulnerabilities published. That is, 3 more vulnerabilities have already been reported in 2020 as compared to last year.

Year	Vulnerabilities	Average Score
2020	3	7.70
2019	0	0.00
2018	0	0.00

It may take a day or so for new 365 Apps vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Microsoft 365 Apps Security Vulnerabilities

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory

CVE-2020-1563 7.8 - High - August 17, 2020

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'.

CVE-2020-1563 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory

CVE-2020-1445 5.5 - Medium - July 14, 2020

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.

CVE-2020-1445 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-0901 9.8 - Critical - May 21, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

CVE-2020-0901 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.