19 critical vulnerabilities addressed by Microsoft patch
July 12, 2017
Shah Sheikh (1294 articles)

19 critical vulnerabilities addressed by Microsoft patch

The Tuesday patch released by Microsoft recently addressed 19 critical vulnerabilities and 55 other flaws, the former being all related to remote code execution. Multiple products were affected by this patch including Internet Explorer 11, Office, Adobe Flash player, Edge, and most importantly, the windows OS itself.

Microsoft Office had multiple critical vulnerabilities including CVE-2017-8570 whereby failure from the software to handle properly an object in memory permits a remote code execution by sending the user a specially crafted file. CVE-2017-8607 affecting IE 11 was a scripting engine memory corruption vulnerability which allowed an attacker to have equal rights to the current user meaning that a user with administrative rights would be handing it over to the attacker for further exploitation.

What is intriguing is CVE-2017-8584 affecting Microsoft’s HoloLens (a holographic computer) whereby an attacker can have full access such as install programs, change or delete data, all while having admin rights. This illustrates how even future technology is being affected.

Source: scmagazine