CVE-2020-1224

5.5 MEDIUM

📋 TL;DR

This is a memory information disclosure vulnerability in Microsoft Excel where specially crafted documents can leak memory contents. Attackers could use leaked information to compromise systems or data. Users who open malicious Excel files are affected.

💻 Affected Systems

Products:
  • Microsoft Excel
Versions: Specific versions not specified in advisory
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction to open malicious Excel file

⚠️ Risk & Real-World Impact

🔴 Worst Case

Memory contents disclosure leads to credential theft, privilege escalation, or full system compromise through follow-on attacks.

🟠 Likely Case

Information disclosure that could reveal sensitive data or system information useful for targeted attacks.

🟢 If Mitigated

Limited impact with proper email filtering, user training, and application sandboxing.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires the attacker to know specific memory address locations and to use social engineering to deliver the file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Microsoft security update from May 2020

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1224

Restart Required: Yes

Instructions:

1. Open Windows Update settings.
2. Check for updates.
3. Install May 2020 security updates for Office/Excel.
4. Restart computer if prompted.

🔧 Temporary Workarounds

Disable Excel file opening (Windows)

Block Excel files from untrusted sources via group policy or application control

🧯 If You Can't Patch

  • Implement application whitelisting to block unauthorized Excel execution
  • Use email filtering to block suspicious Excel attachments

🔍 How to Verify

Check if Vulnerable:

Check Excel version and compare to patched versions from May 2020 security updates

Check Version:

In Excel: File > Account > About Excel

Verify Fix Applied:

Verify Windows Update history shows May 2020 Office security updates installed

📡 Detection & Monitoring

Log Indicators:

  • Excel crash logs, unexpected Excel process launches from email attachments

Network Indicators:

  • Excel files downloaded from suspicious sources

SIEM Query:

Process creation where parent process is email client and child process is excel.exe
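
The SIEM rule above, written out as an added Python example (not part of the advisory or any vendor tooling) that runs over constructed process-creation events. Assumptions: the field names follow Sysmon Event ID 1, the mail-client list is illustrative, and the `Content.Outlook` cache path is used as a second signal for attachments opened from Outlook.

```python
import ntpath

# Assumption: image names of mail clients in this environment; extend as needed.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
# Assumption: Outlook opens attachments from its INetCache\Content.Outlook folder.
ATTACHMENT_CACHE = "\\content.outlook\\"

# Constructed sample events (Sysmon Event ID 1 field names, shortened paths).
SAMPLE_EVENTS = [
    {"UtcTime": "2020-05-20 09:14:02", "Image": r"C:\Office16\EXCEL.EXE",
     "ParentImage": r"C:\Office16\OUTLOOK.EXE",
     "CommandLine": r'"C:\Office16\EXCEL.EXE" "C:\Users\alice\AppData\Local'
                    r'\Microsoft\Windows\INetCache\Content.Outlook\AB12CD34\q2.xlsx"'},
    {"UtcTime": "2020-05-20 09:20:41", "Image": r"C:\Office16\EXCEL.EXE",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Office16\EXCEL.EXE" "C:\Users\alice\Documents\budget.xlsx"'},
    {"UtcTime": "2020-05-20 10:02:17", "Image": r"C:\Office16\excel.exe",
     "ParentImage": r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe",
     "CommandLine": r'"C:\Office16\excel.exe" "C:\Users\bob\AppData\Local\Temp\inv.xls"'},
    {"UtcTime": "2020-05-20 10:30:00", "Image": r"C:\Office16\WINWORD.EXE",
     "ParentImage": r"C:\Office16\OUTLOOK.EXE",
     "CommandLine": r'"C:\Office16\WINWORD.EXE" "C:\Users\bob\Documents\memo.docx"'},
]

def image_name(path):
    """Lower-cased executable name from a Windows path, quoted or not."""
    return ntpath.basename(path.strip('"')).lower()

def classify(event):
    """Return the list of reasons an Excel launch looks mail-driven, or None."""
    if image_name(event["Image"]) != "excel.exe":
        return None
    reasons = []
    if image_name(event["ParentImage"]) in MAIL_CLIENTS:
        reasons.append("parent-is-mail-client")
    if ATTACHMENT_CACHE in event["CommandLine"].lower():
        reasons.append("file-in-attachment-cache")
    return reasons or None

def detect(events):
    """Return (timestamp, reasons) for every event worth an analyst's look."""
    hits = []
    for event in events:
        reasons = classify(event)
        if reasons:
            hits.append((event["UtcTime"], reasons))
    return hits

if __name__ == "__main__":
    for when, why in detect(SAMPLE_EVENTS):
        print(when, ", ".join(why))
```

Opening attachments in Excel is routine in most organisations, so treat hits as enrichment to correlate with the crash-log indicator above rather than as alerts on their own.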
