Adobe mixes mud for some not-so-serious holesĪdobe has patched practically everything it makes this month, but none of the 28 CVEs it identified over the nine products being updated has an active exploit, with the company rating each update as something that can be installed at IT admin discretion. However, it is unusual to see half of the release address remote code execution bugs," said Dustin Childs, ZDI's head of threat awareness. "This volume is relatively typical for a February release. The remaining three critical vulnerabilities are all in Microsoft's Protected Extensible Authentication Protocol, which Trend Micro's Zero Day Initiative noted isn't used much anymore. There's also an iSCSI Discovery Service vulnerability, also rated a 9.8, that could let an attacker gain RCE privileges on any 32-bit machine they can find iSCSI DS running on. GPU slowdown earns Discord weird bug of the weekįar more interesting is the CVSS 9.8 vulnerability in Microsoft Office through which an intruder can use the Outlook Preview Pane to launch a remote code execution attack using a malicious RTF file that would allow an intruder to "gain access to execute commands within the application used to open" the file.Ransomware scum launch wave of attacks on critical, but old, VMWare ESXi vuln.Happy Valentine's Day: Here's the final nail in Internet Explorer's coffin.If the authenticated attacker can convince a victim to download and open a malicious file then the security hole can be exploited, otherwise it's not going to happen. The attack has to be carried out by a local user who's already authenticated, Microsoft said.
The third under active exploit is serious - it could allow an attacker to bypass Office macro security policies - but Microsoft's own explanation of the vulnerability undermines its potential danger.
0 kommentar(er)
