Microsoft's January patch release has been updated, and in it the company has dealt with dozens more bugs. The update is part of its regular Patch Tuesday release, which covers Windows, Office, Microsoft Edge, macOS, ASP.NET, and more. Because of Meltdown and Spectre, the month has been a tremendously hectic one for patching.
Among the Microsoft updates that have been released, sixteen address critical vulnerabilities and 38 are marked important. Chris Goettl, product manager at Ivanti, said in his commentary on Patch Tuesday that “the company started Patch Tuesday a bit early this January by launching the operating system updates last week.”
Last week the company released out-of-band updates fixing three unique CVEs for Spectre and Meltdown. Both issues are speculative execution side-channel attacks, which can do considerable harm, Goettl added.
He also said that adding these to the January Patch Tuesday updates brings the total to fifty vulnerabilities. This total includes one CVE that has been detected in exploits in the wild and four that have been publicly disclosed.
This month is unusual because the company has stopped the deployment of patches for some AMD systems, along with other updates that are not compatible with third-party antivirus software, said Jimmy Graham, director of product management at Qualys.
Microsoft also said in a Jan. 3 security bulletin that “customers will not get the January 2018 security updates and will be unable to protect their devices from security vulnerabilities or online threats, unless the antivirus software they are using doesn’t get the following registry key implemented by the vendors”.
Graham also warned that the operating system-level and BIOS (Basic Input Output System) patches, whose purpose is to address the Spectre and Meltdown issues, can also slow down the performance of your device.
Among the issues the patches fix, according to Microsoft, is a Microsoft Office memory corruption vulnerability (CVE-2018-0802), which permits remote code execution in the productivity suite when the software fails to properly handle objects in memory. A target who opens a specially crafted Office document can give an adversary complete control over the affected system.
Microsoft has also patched a vulnerability (CVE-2018-0786) in .NET Framework (and .NET Core) in which components do not fully validate a certificate. The company also said that “An attacker could display a certificate that is marked invalid for a particular purpose, but the component is utilizing the same certificate for the same use. This ultimately disrespects the Enhanced Key Usage taggings described by us.”
According to the Zero Day Initiative’s Patch Tuesday analysis, “this is surely the type of bug malware authors seek, as it would allow their invalid certificates to be displayed as valid to users”.
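The Enhanced Key Usage (EKU) purpose check that CVE-2018-0786 concerns, shown in isolation as an added C# example that is not Microsoft's code or part of the original article. The `AllowsPurpose` helper and the self-signed certificate are constructed for illustration, and rejecting certificates that carry no EKU extension is an assumed policy.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class EkuCheck
{
    const string ServerAuth  = "1.3.6.1.5.5.7.3.1"; // id-kp-serverAuth
    const string CodeSigning = "1.3.6.1.5.5.7.3.3"; // id-kp-codeSigning

    // Hypothetical helper (not a framework API): true only when the
    // certificate's EKU extension lists the purpose the caller intends.
    static bool AllowsPurpose(X509Certificate2 cert, string purposeOid)
    {
        var ekus = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>()
                       .SelectMany(e => e.EnhancedKeyUsages.Cast<Oid>())
                       .Select(o => o.Value)
                       .ToList();

        // Assumed policy: a certificate with no EKU extension is rejected
        // instead of being treated as valid for every purpose.
        if (ekus.Count == 0) return false;

        return ekus.Contains(purposeOid);
    }

    static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate whose EKU
        // permits TLS server authentication only.
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=constructed-example", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
            new OidCollection { new Oid(ServerAuth) }, critical: true));
        using var cert = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

        // The purpose must be checked against the use the caller is about to
        // make of the certificate, not merely "is the certificate well formed".
        Console.WriteLine($"server auth allowed:  {AllowsPurpose(cert, ServerAuth)}");
        Console.WriteLine($"code signing allowed: {AllowsPurpose(cert, CodeSigning)}");
    }
}
```

The helper isolates the EKU comparison only; during full chain validation the same restriction is normally expressed through `X509ChainPolicy.ApplicationPolicy`.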
One of the CVEs the company addressed in January is a spoofing vulnerability in its popular productivity suite, Microsoft Office, for Mac. Because of the vulnerability, some versions of Office for Mac do not properly handle the encoding and display of email addresses. This improper handling may cause antivirus or anti-spam scanning to stop protecting your system, the company said.
Sherry Williams is a passionate writer who loves to write about the latest technological updates, new Office versions, Microsoft product launches, printer issues, errors associated with Dell and Webroot printers, and more. In her writing, she focuses mainly on delivering accurate information to her readers.