Microsoft patches actively exploited Office vulnerability in new patch round


As part of a new Patch Tuesday round, Microsoft has patched a vulnerability in Office that was being actively exploited by attackers. In total, the Redmond company closed 56 vulnerabilities, of which it identifies 16 as critical.

The vulnerability in question is CVE-2018-0802, which Microsoft describes as a memory corruption vulnerability. Zero Day Initiative notes that this is the only vulnerability in this patch round that is being actively exploited. It could allow an attacker to use a specially crafted file to execute code with the privileges of the user who opens the file in a vulnerable version of Office or WordPad.

Microsoft addresses the problem by removing functionality from the so-called Equation Editor, an editor for mathematical equations. As a result, users may see an error message. A security company had previously found problems with this outdated part of Office, and Microsoft released patches for it at the time. A later analysis of that earlier patch indicated that it had been made by modifying the executable directly rather than the source code.

In addition, Microsoft has released, among other things, a patch for the Mac version of Office that fixes a spoofing vulnerability identified as CVE-2018-0819. Microsoft thanks researcher Sabri Haddouche for reporting the vulnerability. This researcher was behind the discovery of the Mailsploit vulnerabilities in several email clients, which made it possible to spoof a sender. All other patches in this round can be found in an overview.

Microsoft had already released the Meltdown and Spectre patches earlier. After these caused problems on some AMD systems, the company put them on hold. On Tuesday, the company released a statement highlighting the impact of the patches on system performance. It showed that with older processors, such as Haswell or earlier generations, the performance drop can be so great that users will notice slowdowns. This is also the case for users running Windows 7 or 8. For computers running Windows Server, an even greater reduction in performance is expected.
