Particular Microsoft Trade 2019 and 2019 are threatened by a brand new vulnerability referred to as CVE – 202142321 known as. As quickly as attackers are authenticated, they’ll execute malicious code by way of this vulnerability. Microsoft doesn’t clarify precisely how this works. As a substitute, the corporate has posted a put up explaining how admins can safe their servers. Heise explains that mainly simply putting in the safety updates from November 2021 needed. General, Microsoft has 55 Recognized gaps and offered software program updates for them. The corporate describes six weak factors as essential.
Excel within the sights of the attackers – Mac model with out patch
Excel paperwork with malicious code are at present circulating once more. Microsoft urges warning as there’s a new bypass vulnerability by way of which this code can enter the techniques. Whereas there’s a patch for the Home windows model, the producer continues to be engaged on an replace for the Mac model. He particularly warns of the Trade and Excel gaps, as exploits exist already for them – so malicious persons are already utilizing them.
Additional gaps: 3D Viewer, RDP and VMBus
One other essential hole considerations digital machine buses (VMBUs): attackers can use ready queries to set off errors through this channel after which slip malicious code on the host. The 2 weak factors within the 3D viewer, each of that are categorised as “vital”, are already public. Two holes within the Home windows Distant Desktop Protocol (RDP), which have additionally already change into public, belong to the identical class. The opposite warning messages relate to gateways that aren’t but identified and for which no hacker packages are but in circulation. The Zero Day Initiative provides a very good overview of all weaknesses of the month.