Microsoft Patch to Fix Vulnerabilities in Office, Edge, Windows, and More


Your computer will be infected if you open the file. 

On Tuesday, Microsoft rolled out an update to fix security vulnerabilities. The update is part of its Patch Tuesday. It fixes a critical zero-day vulnerability that hackers have been exploiting using Office files that contain ActiveX controls. 

Microsoft warned users about the flaw. Attackers are exploiting a Microsoft remote code execution vulnerability that uses malicious Office files. The flaw affects Windows Server from the 2008 version onward and Windows 7 through Windows 10.

Send Victims Office Files 

The hackers send victims an Office file. As usual, the file tricks users into opening it.

When it’s clicked, the file opens Internet Explorer and the victim is presented with the bad actor’s web page. The page, however, has an ActiveX control that downloads the malicious program onto the victim’s computer. 

The infected file looks reliable. For instance, the victim sees a .docx document. That document seems legit.

Microsoft stated that its Defender Antivirus and Defender for Endpoint can detect the vulnerability and stop infection. The company said that users must update and run Defender to prevent their computers from being infected.

Furthermore, the company advised users to disable ActiveX controls in IE so that they are inactive for all websites.

Microsoft also released security updates for users of Windows 7, Windows Server 2008, and Windows Server 2008 R2. 

Apple Released a Patch Too

Microsoft isn’t the only company that’s releasing a patch. Recently, Apple released an update that fixes a major vulnerability in its operating systems. The patches are designed for iOS, macOS, and watchOS. They fix a security flaw that hackers have been actively exploiting since February. 

Security researchers disclosed the vulnerability to Apple. The researchers discovered a hole while they analyzed the iPhone of a Saudi activist. 

The exploit uses the weaknesses in iMessage. It uses Apple’s image rendering library. It can infect the device sans user intervention. The researchers found that the flaw is inherent in iOS, watchOS, and macOS. 

Update Your Device 

Downloading and installing a file or a program can be harmful to your device. Even if you’re downloading it from a trusted web page, the file can still be infected. 

The only way to protect your PC from getting infected is to update it. 

If you’re using a Mac, iPhone, or Apple Watch, you need to update it, too. 

Why Is It Called a Zero-Day Attack?

It is called that because hackers exploit the vulnerability before developers can address it.

Software has plenty of security vulnerabilities that hackers can easily exploit. Developers are always looking for flaws and releasing patches for them in new updates.

But in a zero-day attack, hackers spot the flaw before the developers do. As a result, attackers can write code to victimize users. They have several goals for this: they could steal victims' identities or commit other forms of cybercrime.

To prevent it from happening, make sure to always download and install the security updates for your device.


Author: Jane Danes

Jane has a lifelong passion for writing. As a blogger, she loves writing breaking technology news and top headlines about gadgets, content marketing and online entrepreneurship and all things about social media. She also has a slight addiction to pizza and coffee.
