SoylentNews is people
SoylentNews
Submission Preview
Microsoft Closes Word/Wordpad Hole—6 Months after Report
It's reported that, as of 11 April, patches are available for a security bug in Microsoft Office and in Wordpad which was disclosed to the company in October. The flaw was widely exploited after McAfee [wikipedia.org] blogged about it. It affects Microsoft Office 2007 SP3 and Windows Vista SP2; the latter was released in May 2009 [engadget.com] and the former in October 2011 [neowin.net].
In related news, The Register [theregister.co.uk] (nonCloud-flare link [webcitation.org]) says that
[...] CVE-2017-0210 [microsoft.com] in Internet Explorer, and CVE-2017-2605 [microsoft.com] in Office – are being actively attacked in the wild by miscreants and the Dridex malware. That latter bug has no patch, by the way: Microsoft just switched off an exploited PostScript filter by default.
further information: CVE-2017-0199 [mitre.org]
coverage:
- Ars Technica [arstechnica.com]
- Dark Reading [darkreading.com]
- Threatpost [threatpost.com]
- eWeek [eweek.com]
- PC World [pcworld.com]
- Bleeping Computer [bleepingcomputer.com]
- Network World [networkworld.com]
- CyberScoop [cyberscoop.com]
- Cisco blog [cisco.com]
related story:
After Microsoft Delays Patch Tuesday, Google Discloses Windows Bug [soylentnews.org]
