May patch day: Microsoft removes zero-day vulnerabilities in Office

on the may patch day, Microsoft has published a number of security updates, in addition to the Windows operating systems also his Office Suite relate. The fixes are also weaknesses in the browser edge and Internet Explorer
-Office services and Web apps, in the. NET Framework as well as in the Flash Player, such as the release notes is Adobe . Overall, it’s about over 50 vulnerabilities, including zero-day vulnerabilities this month.

(Bild: Shutterstock)

fixed including a particularly dangerous zero-day gap is Microsoft Office which is already used for active attacks. Security researchers from FireEye observed their usage by a Russian group of Cyberspionage, as well as an unknown and financially motivated attacker. Are susceptible to the 32- and 64-bit versions of Office 2010, 2013 and 2016. A critical security vulnerability in Internet Explorer is apparently already actively used by attackers.

as CVE-2017-0261 captured Office vulnerability allows remote code execution and can be a successful attacker control over the system. The security hole is available as well as a more zero-day vulnerability (CVE-2017-0262) in connection with the handling of encapsulated PostScript (EPS) with Microsoft’s Office software. A third zero-day vulnerability (CVE-2017-0263) allows attackers to gain higher privileges. these vulnerabilities by various groups of attackers active exploitation describes FireEye in a blog entry.

the monthly security update for may followed shortly after an emergency patch for a serious zero day vulnerability that was reported by security researchers at Google’s project zero. She found it in the anti-virus protection component malware protection engine (MsMpEng), used by Windows Defender and other security products.

the entire patches of this month Microsoft describes in his security update Guide mentioned database. They replaced the previous overview with security bulletins and should now serve as a one-stop shop for information about vulnerabilities. But since then, many users complain the reduced overview. To work, through the individual entries can be much mühseliger and more time-consuming.

WEBINAR

what next – BB´s storage & co: the enterprise cloud!

get to know the building blocks of enterprise cloud platform in this audio Webinar. Learn how to achieve maximum freedom and flexibility for your applications. More outcome achieved with less input – specific application examples. [Update: the webinar has already occurred.] Register now and look at the record.

Be the first to comment

Leave a Reply