HomeWinBuzzer NewsMicrosoft Patch Tuesday Highlights Zero-Day Vulnerabilities in Edge and Office

Microsoft Patch Tuesday Highlights Zero-Day Vulnerabilities in Edge and Office

49 vulnerabilities were found across 10 security bulletins. Microsoft says there were four zero-day vulnerabilities in Edge, Office, Internet Explorer, Windows, and Skype for Business.

-

Through the October Patch Tuesday yesterday, Microsoft highlighted dozens of critical flaws that were fixed. 10 security bulletins were confirmed by the company, together containing 49 vulnerabilities. The release shows how vulnerable major services are and how users can help to avoid them.

Microsoft points out that five of the critical flaws affected Internet Explorer, Edge, and Office. Those are major services. Moreover, the company says five bulletins were critical. They came from remote code execution vulnerabilities affecting Edge, Internet Explorer, Adobe Flash Player, Office, Windows, and Skype for Business.

The most worrying thing is that four of the vulnerabilities were zero-day. This means the bugs were previously unknown and are a new kind of threat. For example, the Internet Explorer zero-day is called CVE-2016-3298 and is in two bulletins.

CVE-2016-3298 gives attackers the ability to test for files on a disk. Microsoft says users would need to enter a malicious web location for the bug to exploit their system. The company adds this makes is more important that users display caution when clicking links and opening attachments from unclear sources.

Zero-Day Vulnerabilities

Office has also been subjected to a zero-day vulnerability. CVE-2016-7193 makes it easier for attackers to take over a system when a user is logged in as an administrator. Again, this would need the users to open a malicious attachment or open a nefarious website.

Microsoft has worked hard to make sure its Edge browser is secure. However, CVE-2016-7189 is an Edge zero-day that is found in the browser’s scripting engine. Once again, this could only be achieved if the users visited a website.

SourceMicrosoft
Luke Jones
Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.

Recent News

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
0
We would love to hear your opinion! Please comment below.x
()
x
Mastodon