Besides a previously undisclosed code-execution flaw inwards Microsoft Word, the tech giant patches 2 to a greater extent than zero-day vulnerabilities that attackers had been exploiting inwards the wild for months, equally purpose of this month's Patch Tuesday.
In total, Microsoft patches 45 unique vulnerabilities inwards its nine products, including iii previously undisclosed vulnerabilities nether active attack.
The commencement vulnerability (CVE-2017-0199) nether laid on is a remote-code execution flaw that could let an assailant to remotely accept over a fully patched in addition to upwards to appointment reckoner when the victim opens a Word document containing a booby-trapped OLE2link object.
The laid on tin bypass nigh exploit mitigations developed past times Microsoft, in addition to according to Ryan Hanson of safety theatre Optiv, inwards about cases, exploits tin execute malicious code fifty-fifty when Protected View is enabled.
As The Hacker News reported Monday, this code-execution flaw inwards Microsoft Word was beingness exploited past times hackers to spread a version of infamous Dridex banking trojan.
Also, according to spider web log posts published Tuesday past times safety firms FireEye in addition to Godzilla malware respectively.
Microsoft has released a laid upwards for CVE-2017-0199 in addition to credited Hanson amongst responsible reporting the critical vulnerability to the company.
The companionship likewise pushed out a spell for about other critical vulnerability (CVE-2017-0210) nether active attack. The flaw is an acme of privilege vulnerability inwards Internet Explorer that would let an assailant to force a fast 1 on a victim into visiting a compromised website.
The vulnerability could let the assailant to access sensitive data from 1 domain in addition to inject it into about other domain.
The tertiary previously undisclosed flaw (CVE-2017-2605) resides inwards the Encapsulated PostScript (EPS) filter inwards Microsoft Office, exactly Microsoft did non genuinely unloosen an update for this flaw inwards Tuesday's update batch.
However, the tech giant issued an update for Microsoft Office that, past times default, disable the EPS filter inwards MS Office equally a defense forcefulness measure. This Word vulnerability is likewise beingness exploited inwards the wild when a target opens a malicious EPS icon inwards Word.
In total, Microsoft rolled out xv safety updates on Tuesday patching dozens of unique CVEs inwards its products, including the Windows OS, Exchange Server, Edge in addition to Internet Explorer, Office, Office Services in addition to Office Web Apps, Visual Studio for Mac Silverlight in addition to Adobe Flash.
Users are strongly advised to install updates equally presently equally possible inwards guild to protect themselves against the active attacks inwards the wild on iii carve upwards Microsoft products.
In total, Microsoft patches 45 unique vulnerabilities inwards its nine products, including iii previously undisclosed vulnerabilities nether active attack.
The commencement vulnerability (CVE-2017-0199) nether laid on is a remote-code execution flaw that could let an assailant to remotely accept over a fully patched in addition to upwards to appointment reckoner when the victim opens a Word document containing a booby-trapped OLE2link object.
The laid on tin bypass nigh exploit mitigations developed past times Microsoft, in addition to according to Ryan Hanson of safety theatre Optiv, inwards about cases, exploits tin execute malicious code fifty-fifty when Protected View is enabled.
As The Hacker News reported Monday, this code-execution flaw inwards Microsoft Word was beingness exploited past times hackers to spread a version of infamous Dridex banking trojan.
Also, according to spider web log posts published Tuesday past times safety firms FireEye in addition to Godzilla malware respectively.
Microsoft has released a laid upwards for CVE-2017-0199 in addition to credited Hanson amongst responsible reporting the critical vulnerability to the company.
Patch for Critical IE Flaw Being Exploited inwards the Wild
The companionship likewise pushed out a spell for about other critical vulnerability (CVE-2017-0210) nether active attack. The flaw is an acme of privilege vulnerability inwards Internet Explorer that would let an assailant to force a fast 1 on a victim into visiting a compromised website.
The vulnerability could let the assailant to access sensitive data from 1 domain in addition to inject it into about other domain.
"The vulnerability past times itself does non let arbitrary code to live on run. However, the vulnerability could live on used inwards conjunction amongst about other vulnerability (for example, a remote code execution vulnerability) that could accept wages of the elevated privileges when running arbitrary code," Microsoft's guidance for the flaw reads.This IE vulnerability is likewise beingness exploited inwards the wild.
Another Critical Word Vulnerability Yet Unpatched!
The tertiary previously undisclosed flaw (CVE-2017-2605) resides inwards the Encapsulated PostScript (EPS) filter inwards Microsoft Office, exactly Microsoft did non genuinely unloosen an update for this flaw inwards Tuesday's update batch.
However, the tech giant issued an update for Microsoft Office that, past times default, disable the EPS filter inwards MS Office equally a defense forcefulness measure. This Word vulnerability is likewise beingness exploited inwards the wild when a target opens a malicious EPS icon inwards Word.
"Microsoft is aware of limited, targeted attacks that could leverage an unpatched vulnerability inwards the EPS filter in addition to is taking this activity to aid cut client peril until the safety update is released," the guidance for the flaw reads.The companionship likewise issued a spell for Windows 10 Creators Update, which was made available on Tuesday, addressing about remote code execution flaws in addition to acme of privilege bugs.
In total, Microsoft rolled out xv safety updates on Tuesday patching dozens of unique CVEs inwards its products, including the Windows OS, Exchange Server, Edge in addition to Internet Explorer, Office, Office Services in addition to Office Web Apps, Visual Studio for Mac Silverlight in addition to Adobe Flash.
Users are strongly advised to install updates equally presently equally possible inwards guild to protect themselves against the active attacks inwards the wild on iii carve upwards Microsoft products.
Share This :
comment 0 Comments
more_vert