Security News

Four security vulnerabilities discovered in the Microsoft Office suite, including Excel and Office online, could be potentially abused by bad actors to deliver attack code via Word and Excel documents. "Rooted from legacy code, the vulnerabilities could have granted an attacker the ability to execute code on targets via malicious Office documents, such as Word, Excel and Outlook," researchers from Check Point research said in a report published today.

Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks. June's Patch Tuesday addresses just 49 security holes - about half the normal number of vulnerabilities lately.

Microsoft has fixed 50 security vulnerabilities, six of which are actively exploited zero-days. On this June 2021 Patch Tuesday, Microsoft has splatted 5 critical and 45 important bugs.

"These attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits. While we were not able to retrieve the exploit used for remote code execution in the Chrome web browser, we were able to find and analyze an elevation of privilege exploit that was used to escape the sandbox and obtain system privileges," Larin explained. According to Kaspersky, the two Windows flaws were chained to an exploit for a different Chrome vulnerability to plant high-end malware on specific targets running Windows.

Today is Microsoft's June 2021 Patch Tuesday, and with it comes fixes for seven zero-day vulnerabilities and a total of 50 flaws, so Windows admins will be scrambling to get devices secured. Microsoft has fixed 50 vulnerabilities with today's update, with five classified as Critical and forty-five as Important.

Microsoft today will release a patch for a vulnerability affecting the Microsoft Office MSGraph component, responsible for displaying graphics and charts, that could be exploited to execute code on a target machine. According to the researchers, the issue is in a MSGraph file parsing function, which "Is commonly used across multiple different Microsoft Office products, such as Excel, Office Online Server and Excel for OSX.".

Google, Microsoft, Apple, and Mozilla have launched the WebExtensions Community Group to collaborate on standardizing browser extensions to enhance both security and performance. "With multiple browsers adopting a broadly compatible model for extensions in the last few years, the WECG is excited to explore how browser vendors and other interested parties can work together to advance a common browser extension platform," the browser vendors said.

Expel for Microsoft automates security operations across the Microsoft tech stack, including Active Directory, AD Identity Protection, Azure, MCAS, Microsoft Defender for Endpoint, Office 365 and Sentinel. Expel connects via APIs and ingests security signals from Microsoft's products into Expel Workbench, along with other third-party signals you have in place.

Microsoft has started training their machine learning algorithms by automatically updating Windows 10 2004 devices to the recently released Windows 10 21H1, the May 2021 feature update. Last month, Microsoft released the Windows 10 21H1 feature update, also known as the May 2021 Update, to users as an optional update displayed when manually performing a 'Check for updates' in Windows Update.

Since 2015, Microsoft has stated that Windows 10 is the last version of the Windows operating, but what is being seen as hints dropped by Microsoft could mean that Windows 11 is around the corner. At the 2015 Microsoft Ignite conference, developer evangelist Jerry Nixon stated that Windows 10 is the last version of Windows.