Last month’s Patch Tuesday highlighted updates for older Windows versions to address vulnerabilities responsible for the WannaCry outbreak. This July, Patch Tuesday shifts its focus to other technologies, with an update that addresses 54 vulnerabilities – including one in the augmented reality sphere.Read More
Last month, in reaction to the WannaCry outbreak that affected Windows users all over the world, Microsoft released a patch for Windows XP—an operating system it had stopped supporting in 2014.Read More
Microsoft addresses a zero-day vulnerability that exploits the Microsoft Malware Protection Engine before May’s Patch Tuesday.Read More
One of the major updates for this month’s Patch Tuesday addresses CVE-2017-0199, a zero-day remote code execution vulnerability that allowed attackers to exploit a flaw that exists in the Windows Object Linking and Embedding (OLE) interface of Microsoft Office. This flaw is currently being exploited by the notorious DRIDEX banking trojan.
Threat actors leveraging this vulnerability do so via a spam campaign in which the attacker sends an email with an embedded Microsoft Word document to a targeted user. When the user opens the attached document, the hidden exploit code connects to a remote server that fetches malicious files, which are DRIDEX variants(detected by Trend Micro as TSPY_DRIDEX.SLP, TROJ_CVE20170199.B and TROJ_CVE20170199.C).Read More
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical updates bulletins is MS17-012, which resolves several vulnerabilities, including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB).Read More