Microsoft patches Excel zero-day used in attacks, asks Mac users to wait
During this month’s Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors.
Zero-days, as defined by Microsoft, are publicly disclosed bugs with no official security updates.
The vulnerability, tracked as CVE-2021-42292, is a high-severity security feature bypass that unauthenticated attackers can exploit locally in low-complexity attacks that don’t require user interaction.
Microsoft also patched a second Excel security flaw used during the Tianfu Cup hacking contest last month, a remote code execution bug tracked as CVE-2021-40442 and exploitable by unauthenticated attackers.
Luckily, Microsoft says that the Windows Explorer preview pane is not an attack vector for the two bugs.
This means that successful exploitation requires fully opening maliciously crafted Excel files instead of just clicking to select them.
While Redmond released security updates for systems running Microsoft 365 Apps for Enterprise and Windows versions of Microsoft Office and Microsoft Excel, it failed to patch the vulnerabilities on macOS.
Mac customers running macOS versions of Microsoft Office and Microsoft Excel were told they’d have to wait a little longer for CVE-2021-42292 patches.
“The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available,” Microsoft said. “The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.”
The two bugs were discovered by security researchers with the Microsoft Threat Intelligence Center.
Microsoft also warned admins on Tuesday to immediately patch a high-severity Exchange Server vulnerability, tracked as CVE-2021-42321, that impacts on-premises servers running Exchange Server 2016 and Exchange Server 2019.
As explained in yesterday’s security advisories, successful exploitation may enable authenticated attackers to execute code remotely on vulnerable servers.
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved