Macs exposed to zero-day flaw after Microsoft Office update

A screenshot of Microsoft Excel running on a Mac.
(Image credit: PixieMe/Shutterstock)

Microsoft has pushed out its latest round of Patch Tuesday updates, fixing 55 security flaws in Windows, including two that are actively being exploited in the wild by hackers.

But if you're on a Mac, you may be up the creek, because one of those two zero-days also works on older versions of Office for Mac, and there's no patch for those yet.

"The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC [Long Term Servicing Channel, an enterprise version] for Mac 2021 are not immediately available," reads Microsoft's security advisory for this flaw, catalogued as CVE-2021-42292. "The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information."

This flaw is defined as a "Microsoft Excel Security Feature Bypass Vulnerability" that requires local access to exploit. That normally means the attacker has to be seated at the machine, but Microsoft notes that local access can also be achieved by remotely breaking into the machine, or by "tricking a legitimate user into opening a malicious document."

Microsoft didn't say who exactly was exploiting the flaw, who they are targeting or how exactly the exploit works, other than that the Office Preview Pane, the thumbnail that you'll see if you click once on a file in File Explorer, "is not an attack vector."

But the flaw has been patched in older Windows versions of Microsoft Office, including Office 2013, Office 2016, Office 2019, Office LTSC 2021 and Microsoft 365. Regular consumer versions of Office 2021 for Mac or PC, released just last month, weren't listed as vulnerable by Microsoft's advisory.

There seem to be two related flaws that have not yet been exploited in the wild, although now that the secret's out it may just be a matter of time.

CVE-2021-40442 is an Excel remote code execution (RCE) flaw, and its patch is also not available for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021. CVE-2021-42296 is a Word RCE flaw and affects only enterprise versions of Office.

How to protect yourself from this exploit

If you're using Microsoft Office 2019 or LTSC 2021 on a Mac, don't open any Excel files that come from sources you don't know, including links to Excel files posted online, until Microsoft pushes out a patch for Macs as well.

The other zero-day flaw currently being exploited has to do with Microsoft Exchange Server, software that companies running Microsoft email systems use. Four other flaws being fixed had been previously disclosed but not exploited: two involving the optional 3D Viewer software, the other two involving the ever troublesome Remote Desktop Protocol.

As ever, you'll want to install Microsoft security patches in a timely manner. As hinted above, malicious hackers quickly try to figure out the vulnerabilities Microsoft discloses every month so that they can attack machines that haven't installed the patches yet.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the data-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/microsoft-no-mac-patch-nov-21

Posted by: maffeiofterhaver80.blogspot.com
