Microsoft Clears Zero Days

Wednesday, April 12, 2017 @ 01:04 PM gHale


Microsoft’s Patch Tuesday released with fixes for 46 issues, 15 of which ended up labeled critical.

This month’s update round is about one third of the size of March’s release, with 46 vulnerabilities fixed, 14 of which are in Hyper-V.

RELATED STORIES
Office Zero Day Used in Attacks
Office Zero Day a ‘Logical Bug’
Defense from Tainted Mobile Devices
SANS: Know the Security Mission

Those which administrators should focus on are two Zero Days undergoing exploitation, CVE-2017-0199 and CVE-2017-0210.

CVE-2017-0199 has been targeting Microsoft Word users since January and affects all versions of Office up to Office 2016 running on Windows 10, Microsoft’s most secure OS to date.

It has also undergone exploitation in an email campaign designed to distribute the Dridex banking Trojan.

The other Zero Day is an elevation of privilege vulnerability in Internet Explorer.

An attacker tricking a victim into opening a maliciously crafted document end up gaining the ability to execute arbitrary code, gaining a foothold to further compromise the organization’s network.

There are also critical updates for the just released Windows 10 Creators Update, as well as Windows Server, .NET Framework, Adobe Flash for IE and more.

Windows Vista received its last round of updates, so any organizations still running the OS should upgrade as soon as possible.



Leave a Reply

You must be logged in to post a comment.