Microsoft Fixes Zero Day

Wednesday, January 10, 2018 @ 11:01 AM gHale

Patch Tuesday started off the new year with a bang as Microsoft fixed a Zero Day along with over 50 vulnerabilities.

The Zero Day was in Office and it was an Equation Editor flaw that underwent exploitation.

Backdoor Found in Storage Devices
Mac Backdoor in Disguise
Android Backdoor Steals Social Media Info
17-Year-Old Vulnerability Fixed then Attacked

The Zero Day has a case number of CVE-2018-0802 is a memory corruption issue that can be exploited for remote code execution by getting targeted users to open a specially crafted file via Office or WordPad.

The vulnerability is related to a 17-year-old vulnerability in the Equation Editor (EQNEDT32.EXE), which the software giant fixed in November.

Other updates fix a spoofing vulnerability in Office for Mac that has already been publicly disclosed. Sixteen of the flaws resolved this month have been rated critical, a majority affecting the scripting engine used by the Edge and Internet Explorer web browsers.

Microsoft has also rated critical a Word vulnerability (CVE-2018-0797) that can be exploited for remote code execution using specially crafted RTF files.

Leave a Reply

You must be logged in to post a comment.