Microsoft and Autodesk have released security updates for software that accesses the Autodesk program library. Microsoft has also released security advisories for an update of the Autodesk FBX Library and for an OpenSSL Remote Denial of Service vulnerability. It is an unscheduled security update that fixes remote code execution vulnerabilities in an Autodesk FBX library that is integrated with Microsoft Office and 3D applications.
The whole thing has been known since March 2020.Microsoft has changed the days of the download links and this is communicated to a security advisory.
The closed security gaps originally came from the FBX Software Development, which was used to create the program library. All FBX versions are affected by this .Thus potentially also software projects that use these SDK versions. Attackers could have used the vulnerabilities remotely to obtain the same access rights to the respective system as the currently logged in user. To do this, they would first have to open a specifically prepared file with 3D content in one of the vulnerable programs.
AutoDesk published the security recommendation in the previous week. Some of these vulnerabilities are suitable for executing injected code, the other vulnerabilities are DoS vulnerabilities. Developers can find the updated SDK on the FBX website.
Corresponding Security Updates
Microsoft announces the availability of corresponding security updates. Another security recommendation concerns OpenSSL. There was also an update for Edge recently.
Microsoft security recommendation warns of a publicly known DoS vulnerability in OpenSSL. The vulnerability was eliminated in OpenSSL too. Microsoft says that Windows is not affected. Rather, Microsoft’s warning is that third parties may be running virtual machines on the platform that run other software that uses OpenSSL.
Microsoft Rates The Unscheduled Updates As Important
Users should therefore update the respective software as soon as possible. Administrators should also install the security update to protect against the vulnerability.