
It's now 2017, and your Windows PC can still be pwned by a Word file

[Category: System (Windows) | Posted by: 店小二03 | Date: 2017 | Author: 红领巾]


Microsoft has begun its 2017 with the release of four updates to address security holes in Windows and Office, while Adobe has posted fixes for more than three dozen vulnerabilities in Flash and Reader.

Microsoft's January patch load includes:

MS17-001, a fix for the Edge browser to address a flaw that would let a malicious page gain elevated access privileges when the user clicks on a link.

"An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies with about:blank, which could allow an attacker to access information from one domain and inject it into another domain," Microsoft says of CVE-2017-0002.

The update will only be pushed out to Windows 10 and Server 2016.

MS17-002 addresses a memory corruption issue in Office that allows for remote code execution in Office 2016 and SharePoint Enterprise Server 2016.

The flaw, designated CVE-2017-0003, allows a specially crafted Word file to take control of the target system with the current user's access privileges. The vulnerability was spotted by Tony Loi of FortiGuard Labs.

MS17-003 is Microsoft's edition of the January Flash Player update to remedy 12 security flaws. The patch will be automatically pushed to Windows users running Microsoft Edge or Internet Explorer 11.

MS17-004 addresses a denial of service vulnerability in Local Security Authority Subsystem Service for older versions of Windows and Windows Server.

Microsoft says that an attacker who sent a specially crafted authentication request to the targeted Windows (Vista through 7) or Windows Server (2008 to 2008 R2) box could trigger an automatic reset. Discovery of the flaw, CVE-2017-0004, was credited to Nicolás Economou and Laurent Gaffie from Core Security.

Meanwhile, Adobe is updating both Flash Player and Acrobat/Reader for Windows, macOS, and Linux desktops.

The Flash Player update covers 13 vulnerabilities, none of which have been actively targeted in the wild yet. Adobe is rating the fix as a critical priority for both Windows and macOS systems, as a successful exploit could allow for remote code execution. Linux systems are thought to be at lower risk for attack, but should still install the update as needed.

The Adobe Acrobat and Reader update patches up 29 CVE-listed problems, including a number of remote code execution flaws in both Windows and macOS. Adobe says it has not yet received reports of active exploits in the wild.
