Don't just grab your CPU bug updates – there's a nasty hole in Office, too

www.theregister.co.uk | 1/9/2018 | Staff
Click For Photo: https://regmedia.co.uk/2018/01/09/shutterstock_badride.jpg?x=1200&y=794

Patch Tuesday In case you've been hiding under a rock for the entirety of this new year (and we don't blame you if you have) there are a handful of major security flaws that have been dominating the news, and feature prominently in this month's Patch Tuesday update load.

First, let's look at the latest developments in the Meltdown/Spectre saga:

Nvidia - Graphics - Address - Spectre - Present

Nvidia has got around to kicking out graphics driver updates that address the Spectre flaws present in its hardware – for example, here are some patches for Ubuntu. IBM is also due to release Spectre mitigations for its POWER server line today.

The January edition of Microsoft's Patch Tuesday release is a formidable update in its own right, containing updates for 56 CVE-listed flaws including an actively targeted flaw in Office, and critical vulnerabilities in Edge and Internet Explorer.

Microsoft - CVE-2018-0802 - Code - Execution - Hole

Microsoft said that CVE-2018-0802, a remote code execution hole in Office, is already being targeted in the wild. The flaw is triggered when the target opens a malformed Word file in Office or WordPad.

As usual, a good chunk of the CVEs (15 in this case) were for vulnerabilities in the scripting engine used by Edge and Internet Explorer. These flaws, none of which have been targeted in the wild yet, would allow remote code execution by way of...
(Excerpt) Read more at: www.theregister.co.uk
0 other people are viewing this story
Wake Up To Breaking News!
Tagged:
Sign In or Register to comment.