SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Microsoft Closes Word/Wordpad Hole—6 Months after Report
Date    Sunday April 30 2017, @02:19AM
Author    cmn32480
Topic   
from the there-is-a-backlog dept.
https://soylentnews.org/article.pl?sid=17/04/29/1353210

butthurt writes:

It's reported that, as of 11 April, patches are available for a security bug in Microsoft Office and in Wordpad which was disclosed to the company in October. The flaw was widely exploited after McAfee blogged about it. It affects Microsoft Office 2007 SP3 and Windows Vista SP2; the latter was released in May 2009 and the former in October 2011.

In related news, The Register (nonCloud-flare link) says that

[...] CVE-2017-0210 in Internet Explorer, and CVE-2017-2605 in Office – are being actively attacked in the wild by miscreants and the Dridex malware. That latter bug has no patch, by the way: Microsoft just switched off an exploited PostScript filter by default.

further information: CVE-2017-0199

coverage:

related story:
After Microsoft Delays Patch Tuesday, Google Discloses Windows Bug

Original Submission

Links
  1. "butthurt" - https://soylentnews.org/~butthurt/
  2. "McAfee" - https://en.wikipedia.org/wiki/McAfee
  3. "the latter was released in May 2009" - https://www.engadget.com/2009/05/26/windows-vista-sp2-is-live-ready-to-download/
  4. "the former in October 2011" - https://www.neowin.net/news/microsoft-office-2007-service-pack-3-released
  5. "The Register" - https://www.theregister.co.uk/2017/04/11/patch_tuesday_mess/
  6. "nonCloud-flare link" - http://www.webcitation.org/6q4y57knU
  7. "CVE-2017-0210" - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0210
  8. "CVE-2017-2605" - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-2605
  9. "CVE-2017-0199" - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0199
  10. "Ars Technica" - https://arstechnica.com/security/2017/04/critical-word-0day-is-only-1-of-3-microsoft-bugs-under-attack/
  11. "Dark Reading" - http://www.darkreading.com/vulnerabilities---threats/microsoft-office-zero-day-patched-after-months-of-attacks/d/d-id/1328607
  12. "Threatpost" - https://threatpost.com/microsoft-patches-three-vulnerabilities-under-attack/124927/
  13. "eWeek" - http://www.eweek.com/security/microsoft-patches-critical-zero-day-exploit-in-office-suite
  14. "PC World" - http://www.pcworld.com/article/3189351/security/microsoft-fixes-45-flaws-including-three-actively-exploited-vulnerabilities.html
  15. "Bleeping Computer" - https://www.bleepingcomputer.com/news/security/recent-microsoft-0-day-used-for-cyber-espionage-and-mundane-malware-distribution/
  16. "Network World" - http://www.networkworld.com/article/3189168/security/microsoft-kicks-security-bulletins-to-the-curb-in-favor-of-security-update-guide.html
  17. "CyberScoop" - https://www.cyberscoop.com/iranian-hackers-used-a-microsoft-word-flaw-in-a-campaign-against-israeli-targets/
  18. "Cisco blog" - https://blogs.cisco.com/security/talos/cve-2017-0199-coverage
  19. "After Microsoft Delays Patch Tuesday, Google Discloses Windows Bug" - https://soylentnews.org/article.pl?sid=17/02/20/0631212
  20. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=19913
© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, Microsoft Closes Word/Wordpad Hole—6 Months after Report on 2024-04-23 15:06:09