Office, Edge, Internet Explorer, and graphics components all ripe for remote code execution.
Microsoft's Patch Tuesday for August included four critical remote code execution vulnerabilities, some of which impact the new Windows 10 operating system.
Two of the bugs are in Windows browsers -- one in Internet Explorer and one in the new Microsoft Edge browser -- and both allow remote code execution if a user views a specially crafted webpage.
Another is in Microsoft graphics components, and could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts. (Last month, Microsoft released an out-of-band patch for a zero-day vulnerability revealed in the leaked Hacking Team files that was also related to embedded OpenType fonts; that bug was in the Microsoft fonts driver.)
The last critical vulnerability in this month's Patch Tuesday is in Microsoft Office. An attacker could compromise the user via a malicious Office file, conduct remote code execution and run arbitrary code in the context of the current user.
Fourteen vulnerabilities were patched, in all. The full details are available here.
Read more about:
2015About the Author(s)
You May Also Like
Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024