SoylentNews
SoylentNews is people
https://soylentnews.org/
Title | | Microsoft Closes Word/Wordpad Hole—6 Months after Report |
Date | | Sunday April 30 2017, @02:19AM |
Author | | cmn32480 |
Topic | | |
from the there-is-a-backlog dept. |
https://soylentnews.org/article.pl?sid=17/04/29/1353210
butthurt writes:
It's reported that, as of 11 April, patches are available for a security bug in Microsoft Office and in Wordpad which was disclosed to the company in October. The flaw was widely exploited after McAfee blogged about it. It affects Microsoft Office 2007 SP3 and Windows Vista SP2; the latter was released in May 2009 and the former in October 2011.
In related news, The Register (nonCloud-flare link) says that
[...] CVE-2017-0210 in Internet Explorer, and CVE-2017-2605 in Office – are being actively attacked in the wild by miscreants and the Dridex malware. That latter bug has no patch, by the way: Microsoft just switched off an exploited PostScript filter by default.
further information: CVE-2017-0199
coverage:
related story:
After Microsoft Delays Patch Tuesday, Google Discloses Windows Bug
Original Submission
- "butthurt" - https://soylentnews.org/~butthurt/
- "McAfee" - https://en.wikipedia.org/wiki/McAfee
- "the latter was released in May 2009" - https://www.engadget.com/2009/05/26/windows-vista-sp2-is-live-ready-to-download/
- "the former in October 2011" - https://www.neowin.net/news/microsoft-office-2007-service-pack-3-released
- "The Register" - https://www.theregister.co.uk/2017/04/11/patch_tuesday_mess/
- "nonCloud-flare link" - http://www.webcitation.org/6q4y57knU
- "CVE-2017-0210" - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0210
- "CVE-2017-2605" - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-2605
- "CVE-2017-0199" - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0199
- "Ars Technica" - https://arstechnica.com/security/2017/04/critical-word-0day-is-only-1-of-3-microsoft-bugs-under-attack/
- "Dark Reading" - http://www.darkreading.com/vulnerabilities---threats/microsoft-office-zero-day-patched-after-months-of-attacks/d/d-id/1328607
- "Threatpost" - https://threatpost.com/microsoft-patches-three-vulnerabilities-under-attack/124927/
- "eWeek" - http://www.eweek.com/security/microsoft-patches-critical-zero-day-exploit-in-office-suite
- "PC World" - http://www.pcworld.com/article/3189351/security/microsoft-fixes-45-flaws-including-three-actively-exploited-vulnerabilities.html
- "Bleeping Computer" - https://www.bleepingcomputer.com/news/security/recent-microsoft-0-day-used-for-cyber-espionage-and-mundane-malware-distribution/
- "Network World" - http://www.networkworld.com/article/3189168/security/microsoft-kicks-security-bulletins-to-the-curb-in-favor-of-security-update-guide.html
- "CyberScoop" - https://www.cyberscoop.com/iranian-hackers-used-a-microsoft-word-flaw-in-a-campaign-against-israeli-targets/
- "Cisco blog" - https://blogs.cisco.com/security/talos/cve-2017-0199-coverage
- "After Microsoft Delays Patch Tuesday, Google Discloses Windows Bug" - https://soylentnews.org/article.pl?sid=17/02/20/0631212
- "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=19913
© Copyright 2024
- SoylentNews, All Rights Reserved
printed from SoylentNews, Microsoft Closes Word/Wordpad Hole—6 Months after Report on 2024-04-23 15:06:09