Microsoft Patches RCE Bug Actively Under Attack
Microsoft has patched 74 bugs, one under active attack, as part of the Patch Tuesday security roundup. In Internet Explorer, the previously vulnerable Microsoft bug allows attackers to execute rogue code if a user opens a malicious web page of Office document, permitting the attacker to gain control of the affective system and gain the same user rights. In early November, Microsoft issued a warning claiming that SYLK files were surpassing endpoint defenses, leaving systems vulnerable to remote attacks. The additional 10 critical bugs Microsoft issued include an Excel bypass which was exploited as a zero-day and publicly disclosed in late October.
Experts stated that yesterday’s Patch Tuesday should serve as a critical reminder to Windows end-of-life dates and users should be aware of them in the upcoming months.