As described in a Microsoft security advisory, the flaws stem from the Autodesk FBX library, which is integrated into several Microsoft applications (via ZDNet). Those include Microsoft Office 2019 (32-bit and 64-bit), Office 365 ProPlus (32-bit and 64-bit), Paint 3D and Office 1026 Click-to-Run.


Microsoft labels the vulnerabilities as “important,” and while that’s a step down from the maximum “critical” level, the flaws can be exploited remotely to damaging effect.

“Remote code execution vulnerabilities exist in Microsoft products that utilize the FBX library when processing specially crafted 3D content,” the advisory reads. “An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user.”

For an attacker to take control of a system, they would simply send a user a malicious Autodesk FBX file and trick them into opening it. Microsoft notes that users who run the Office programs or Paint 3D with fewer user rights are less at risk than those who operate as an administrator.

As ZDNet points out, Autodesk, the company behind the FBX file format, released its own advisory last Wednesday for six separate high-severity flaws affecting apps that use FBX-SDK Version 2020.0 or earlier.

The FBX SDK is a free C++ software platform and API toolkit that lets applications transfer existing content into FBX format, which is popular for 3D modeling.

What to do

Microsoft released updates to patch the vulnerabilities in the apps that use the Autodesk FBX library. If you use any of the aforementioned apps (Office 2019, Paint 3D), make sure they are updated to the latest versions.

For Office products, visit this webpage for steps to determine which version you are using. If it’s not the latest release, consider manually downloading the update.

If you use Paint 3D (a pre-installed app on Windows 10 PCs), download the latest version from the Microsoft Store.
