Microsoft has released patches for 56 vulnerabilities which includes a zero-day vulnerability in MS office as part of Patch Tuesday security update.
Microsoft has released patches for 56 vulnerabilities which includes a zero-day vulnerability in MS office as part of Patch Tuesday security update.In the security updates 16 were rated as critical, 38 as important, 1 as moderate and 1 as low severity.
Read more on: Bug in MacOS 10.13.2 Allows to Unlock App Store Preferences Without any PasswordPatches release fix vulnerabilities found in Windows, Office, Internet Explorer, ChakraCore, Edge, ASP.NET, and the .NET Framework.The most important patch released was for the zero-day vulnerability( CVE-2018-0802) found in Microsoft Office and Microsoft WordPad application.The vulnerability is described as a memory corruption issue which allows attackers to execute code in user’s PC.The vulnerability resides in the Equation Editor functionality(EQNEDT32.EXE) and affects all Microsoft office released in the past 17 years.Microsoft also patched a Metasploit vulnerability (CVE-2018-0819) in the Outlook for Mac which allowed attackers to send emails with spoofed identities.The company also addressed an X509 certificate validation bypass vulnerability (CVE-2018-0786) in .NET Framework (and .NET Core) which could allow attackers to show their invalid certificate as valid.“Microsoft is aware of a security vulnerability in the public versions of .NET Core where an attacker could present a certificate that is marked invalid for a specific use, but a component uses it for that purpose. This action disregards the Enhanced Key Usage tagging,” said Microsoft.In the security update patches for 15 vulnerabilities found in the scripting engine used by Microsoft edge and internet explorer.A remote attacker can exploit these flaws for code execution by tricking users to open a specially designed webpage which triggers a memory corruption error.Nine remote code execution and memory disclosure flaws in MS office was also fixed in the security update.Adobe has released a patch for a vulnerability (CVE-2018-4871) which could allow attackers to leak sensitive information.The vulnerability was reported by trend micro zero day initiative and affects adobe flash player for Windows, Macintosh, and Linux.All the users are advised to install the security update as soon as possible, and for more details, you can visit Microsoft's security update guide.
Read more on: Blackberry Mobile Website Hacked and Inserted CoinhHive’s Code to Mine Monero