macOS patches are still "under construction"Įven though Redmond has released security updates for Microsoft 365 Apps for Enterprise and Windows versions of Microsoft Office, the company is still working on patches addressing the vulnerability on macOS. This implies that exploitation is possible without having to trick potential victims into opening maliciously crafted Office files but, instead, only having to select them in an Explorer window with the preview pane enabled. However, it can be exploited via the Windows Explorer preview pane as confirmed by CERT/CC vulnerability analyst Will Dormann. Luckily, Microsoft says that the Outlook preview pane cannot be used as an attack vector in exploitation attempts targeting this vulnerability. To successfully exploit this critical vulnerability, attackers would have to trick their targets into opening a specially crafted Office document delivered using a link shared via instant messaging or email. "In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability."
"In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file," Microsoft explains.
Microsoft for osx code#
The security flaw, tracked as CVE-2022-21840, is a remote code execution (RCE) bug that attackers can exploit with no privileges on the targeted devices as part of low complexity attacks that require user interaction.
Microsoft for osx Patch#
During this year's first Patch Tuesday, Microsoft has addressed a critical severity Office vulnerability that can let attackers execute malicious code remotely on vulnerable systems.
0 kommentar(er)
