The monthly bundle of security patches is delivered by Microsoft. A patch concerns an exploit used in a Russian-speaking context during attacks.
| Photo courtesy of Donghee Son and Jongha Lee |
Of these vulnerabilities, 26 are referred to as critical by Microsoft (see the Zero Day Initiative chart). However, they have not been publicly disclosed and are not exploited in attacks, unlike a .NET Framework flaw.
The latter (CVE-2017-8759) was discovered by FireEye and is not considered critical. According toFireEye, it is used to distribute a FINSPY spyware, otherwise identified as FinFisher or WingBird.
This is the second time this year that FireEye discovers the use of a flaw to disseminate this type of spyware sold by Gamma Group and used for cyber espionage. The feat is built into a Microsoft Word document. Once opened, a vulnerability in the .NET Framework is exploited. The targets are Russian-speaking.
Microsoft explains that the exploit uses Microsoft Word as the initial attack vector to reach the "truly vulnerable component" that is not related to Microsoft Office. SOPA rendering capabilities are discussed via the .NET class library.
For Qualys, it's more critical remote code execution vulnerabilities affecting Microsoft's browsers that need to be trusted. Some are related to the script engine with an impact for Microsoft Office as well.
Related:Windows 10 Creators Update: Microsoft admits to having a problem with the games
💌 Follow by Email:Digital Channel
🌍🔍 Search Google :digitalchanneltv.tk
Click Index You Might Be Interested
suivre Dhaouadi Aymensur
