Windows is well-known for being very susceptible to viruses, with Mac OS taking second place (sorry Mac users but that rumor about Mac being impervious to viruses is far from the truth). In the constant cat-and-mouse game that is cyber-crime, Microsoft has made a huge move.
The global creator of Windows has released a colossal security update; fixing a total of fifty vulnerabilities. Two of these were critical Outlook vulnerabilities that did not even require user interaction.
The Outlook issues are as follows:
Microsoft Outlook Memory Corruption Vulnerability – this involves sending an email to someone containing a file. If the file appears in the preview pane or the user clicks on it to open it, the attacker will be able to execute code through the current user – meaning if the person who opens it has administrative rights, it will be run with administrative rights and the hacker will have full control over the computer.
Microsoft Outlook Elevation of Privilege Vulnerability – Microsoft Outlook does not properly validate the formatting of the incoming messages. This allows an attacker to send a specially crafted email that (whether the victim reads it or not) will cause Outlook to attempt to load a local or remote message store.
Fortunately, the exact details of how to perform these attacks has not been released to the public and this attack has not been seen in the wild yet.
Other vulnerabilities patched include a patch for a vulnerability in Adobe Flash and a patch to help with the whole Spectre and Meltdown situation which you may remember from our previous article.