Microsoft fixes 45 flaws, including three actively exploited vulnerabilities

Microsoft Patch Tuesday includes fixes for critical flaws in IE, Edge, Office, Windows and .NET

Microsoft released its monthly security-patch bundle Tuesday, fixing 45 unique vulnerabilities, three of which are publicly known and targeted by hackers.

The top priority this month should be given to the Microsoft Office security update because one of the fixed flaws has been actively exploited by attackers since January to infect computers with malware. Over the past few days this vulnerability, tracked as CVE-2017-0199, has seen widespread exploitation.

The CVE-2017-0199 vulnerability can be exploited through maliciously crafted RTF (Rich Text Format) documents when such documents are opened with either Microsoft Word or WordPad. Because WordPad is bundled with Windows by default, a patch for this flaw is also included in the security updates for Windows.

According to security vendor Qualys, the next priority should go to the updates for Microsoft's Internet Explorer and Edge browsers. These update address several remote code execution vulnerabilities.

One flaw patched in IE allows attackers to bypass the cross-domain policies enforced by the browser. The flaw makes it possible to take information from one domain and inject it into another, violating an important security barrier.

Microsoft's notes for this vulnerability mention that it has already been exploited in the wild, but don't include other details about the attacks.

Critical vulnerabilities have also been patched in Hyper-V, Microsoft's virtualization hypervisor that's included in Windows Server 2008, 2012 and 2016, as well as in Windows 8.1 and 10. These vulnerabilities can allow applications running inside a guest operating system to escape the virtual machine and execute malicious code on the host OS.

Finally, a remote code execution vulnerability has been fixed in the Microsoft .NET Framework. This flaw potentially can be exploited by attackers to take complete control of a system running a vulnerable deployment of the framework.

Microsoft has also released a defense-in-depth update for Microsoft Office that disables the Encapsulated PostScript (EPS) filter by default. That's because the company is aware of limited, targeted attacks that try to take advantage of an unpatched vulnerability in this filter.

The Microsoft updates also include third-party critical patches for Flash Player, which is bundled with Internet Explorer 11 and Edge.

This Patch Tuesday bundle is also notable because it marks the end of support for Windows Vista, which will no longer receive security updates after this round of patches.

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?