Nov 10, 2021
0 0

Microsoft patches Excel zero-day used in attacks, asks Mac users to wait

Written by

Microsoft urges Exchange admins to patch bug exploited in the wild
Microsoft November 2021 Patch Tuesday fixes 6 zero-days, 55 flaws
TeamTNT hackers target your poorly configured Docker servers
NUCLEUS:13 TCP security bugs impact critical healthcare devices
HPE says hackers breached Aruba Central using stolen access key
FBI warns of Iranian hackers looking to buy US orgs’ stolen data
Telnyx is the latest VoIP provider hit with DDoS attacks
Researchers show that Apple’s CSAM scanning can be fooled easily
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
Microsoft patches Excel zero-day used in attacks, asks Mac users to wait
During this month’s Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors.
Zero-days, as defined by Microsoft, are publicly disclosed bugs with no official security updates.
The vulnerability, tracked as CVE-2021-42292, is a high severity security feature bypass that unauthenticated attackers can exploit locally in low complexity attacks that don’t require user interaction.
Microsoft also patched a second Excel security flaw used during the Tianfu Cup hacking contest last month, a remote code execution bug tracked as CVE-2021-40442 and exploitable by unauthenticated attackers.
Luckily, Microsoft says that the Windows Explorer preview pane is not an attack vector for the two bugs.
This means that successful exploitation requires fully opening maliciously crafted Excel files instead of just clicking to select them.
While Redmond released security updates for systems running Microsoft 365 Apps for Enterprise and Windows versions of Microsoft Office and Microsoft Excel, it failed to patch the vulnerabilities on macOS.
Mac customers running macOS versions of Microsoft Office and Microsoft were told they’d have to wait a little longer for CVE-2021-42292 patches.
“The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available,” Microsoft said. “The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.”
The two bugs were discovered by security researchers with the Microsoft Threat Intelligence Center.
Microsoft also warned admins on Tuesday to immediately patch a high severity Exchange Server vulnerability tracked as CVE-2021-42321 and impacting on-premises servers running Exchange Server 2016 and Exchange Server 2019.
As explained in yesterday’s security advisories, successful exploitation may enable authenticated attackers to execute code remotely on vulnerable servers.
New macOS zero-day bug lets attackers run commands remotely
Apple fixes iOS zero-day used to deploy NSO iPhone spyware
Apple patches new zero-day bug used to hack iPhones and Macs
Microsoft: Shrootless bug lets hackers install macOS rootkits
Emergency Apple iOS 15.0.2 update fixes zero-day used in attacks
Not a member yet? Register Now
MediaMarkt hit by Hive ransomware, initial $240 million ransom
Microsoft urges Exchange admins to patch bug exploited in the wild
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


Article Categories:
Cybersecurity News

Comments are closed.