Security Update for Microsoft Office Word, and Wordpad

[Regedit32]

You may see articles online now, or days to come exposing the 9 months it took Microsoft to patch this exploit, and how McAfee irresponsibly posted a blog which within 24 hours saw the Dark Web selling tools, that allow hackers to steal quite a lot of money from innocent people. Example article: http://www.stuff.co.nz/technology/d...-flaw-for-months-while-microsoft-investigated

The exploit finally confirmed here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199

The April 11 updates from Microsoft for Office which includes the patch here:

https://support.microsoft.com/en-us/help/4016803/april-11-2017-update-for-microsoft-office


If you've blocked 'other Windows updates', then I'd recommend you unblock it for this patch.

 

[Trouble]

Thanks for the reminder.
I'm still confused as to why my Office 365 subscription did not auto update itself.
I had to go manually into Word and use the account utility to manually update to Version 1703 (Build 7967.2139).
I've looked around and apparently have all the requisite check boxes checked so..... IDK.

 

[Data]

I posted about that a few days back here https://www.windows10forums.com/threads/new-zero-day-exploit.12714/#post-62317

I PM Trouble with exploit details, despite it being available in some reputable and public websites, I thought best not to let it loose around here, you never know what some kids will do)

The patches for this exploit were released https://www.catalog.update.microsoft.com/Search.aspx?q=KB4014793 that information is available at https://support.microsoft.com/en-gb/help/4014793/title

Ms offer more information about patches at https://portal.msrc.microsoft.com/en-US/security-guidance (must accept terms of service to view)

Talk about convoluted methods, I believe all information relevant should be readily available not hidden in sub-levels

 

[Regedit32]

Ahh I did not see that one Data - thanks for posting it.

We all need reminders to keep an eye out for our Security.

 

[Regedit32]

Nice information there Trouble.

I'm not using the latest Office, so its always good when someone can point the other users into a simple way to get their updates.

 

[Data]

I try to keep as much as possible pached, and read security news every day, but its an uphill struggle.

One of the upsides of Linux is you can just grab source, patch and compile/install you dont have to wait for Satya to finish cooking his Curry.

 

[Regedit32]

Yes Linux does have some advantages there.

However, one down-side was the news yesterday for Linux users, that you now have to pay for the GrSecurity Kernel patches. http://www.linuxsecurity.com/content/view/171325/169/


Talk about Robin Hood turning to the dark side!

 

[Norton]

I run MS Office 2010 and have had "Get other MS products" deselected for 6 months or more.
I just happened to re-enable it after reading @Data post "zero day exploit"
On April 23 I received the following Outlook / Office updates.

 

[Data]

Yes Linux does have some advantages there.

However, one down-side was the news yesterday for Linux users, that you now have to pay for the GrSecurity Kernel patches. http://www.linuxsecurity.com/content/view/171325/169/


Talk about Robin Hood turning to the dark side!

The Linux Kernel is full of holes, recently only patched CVE-2017-2636 a seven year oldie and CVE-2017-6074 a eleven year oldie, the sort of thing (double free) a automated Coverity scan would have uncovered. Look at this https://scan.coverity.com/projects/linux feel secure? Nope.