Microsoft fixes 45 flaws, including three actively exploited vulnerabilities

Microsoft Patch Tuesday includes fixes for critical flaws in IE, Edge, Office, Windows and .NET

Microsoft released its monthly security-patch bundle Tuesday, fixing 45 unique vulnerabilities, three of which are publicly known and targeted by hackers.

The top priority this month should be given to the Microsoft Office security update because one of the fixed flaws has been actively exploited by attackers since January to infect computers with malware. Over the past few days this vulnerability, tracked as CVE-2017-0199, has seen widespread exploitation.

The CVE-2017-0199 vulnerability can be exploited through maliciously crafted RTF (Rich Text Format) documents when such documents are opened with either Microsoft Word or WordPad. Because WordPad is bundled with Windows by default, a patch for this flaw is also included in the security updates for Windows.

According to security vendor Qualys, the next priority should go to the updates for Microsoft's Internet Explorer and Edge browsers. These update address several remote code execution vulnerabilities.

One flaw patched in IE allows attackers to bypass the cross-domain policies enforced by the browser. The flaw makes it possible to take information from one domain and inject it into another, violating an important security barrier.

Microsoft's notes for this vulnerability mention that it has already been exploited in the wild, but don't include other details about the attacks.

Critical vulnerabilities have also been patched in Hyper-V, Microsoft's virtualization hypervisor that's included in Windows Server 2008, 2012 and 2016, as well as in Windows 8.1 and 10. These vulnerabilities can allow applications running inside a guest operating system to escape the virtual machine and execute malicious code on the host OS.

Finally, a remote code execution vulnerability has been fixed in the Microsoft .NET Framework. This flaw potentially can be exploited by attackers to take complete control of a system running a vulnerable deployment of the framework.

Microsoft has also released a defense-in-depth update for Microsoft Office that disables the Encapsulated PostScript (EPS) filter by default. That's because the company is aware of limited, targeted attacks that try to take advantage of an unpatched vulnerability in this filter.

The Microsoft updates also include third-party critical patches for Flash Player, which is bundled with Internet Explorer 11 and Edge.

This Patch Tuesday bundle is also notable because it marks the end of support for Windows Vista, which will no longer receive security updates after this round of patches.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?