Microsoft patches Excel zero-day used in attacks, asks Mac users to wait
During this month’s Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors.
Zero-days, as defined by Microsoft, are publicly disclosed bugs with no official security updates.
The vulnerability, tracked as CVE-2021-42292, is a high-severity security feature bypass that unauthenticated attackers can exploit locally in low-complexity attacks that don’t require user interaction.
Microsoft also patched a second Excel security flaw used during the Tianfu Cup hacking contest last month, a remote code execution bug tracked as CVE-2021-40442 and exploitable by unauthenticated attackers.
Luckily, Microsoft says that the Windows Explorer preview pane is not an attack vector for the two bugs.
This means that successful exploitation requires fully opening maliciously crafted Excel files instead of just clicking to select them.
While Redmond released security updates for systems running Microsoft 365 Apps for Enterprise and Windows versions of Microsoft Office and Microsoft Excel, it failed to patch the vulnerabilities on macOS.
Mac customers running macOS versions of Microsoft Office and Microsoft Excel were told they’d have to wait a little longer for CVE-2021-42292 patches.
“The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available,” Microsoft said. “The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.”
The two bugs were discovered by security researchers with the Microsoft Threat Intelligence Center.
Microsoft also warned admins on Tuesday to immediately patch a high-severity Exchange Server vulnerability, tracked as CVE-2021-42321, that impacts on-premises servers running Exchange Server 2016 and Exchange Server 2019.
As explained in yesterday’s security advisories, successful exploitation may enable authenticated attackers to execute code remotely on vulnerable servers.
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved