Microsoft’s Patch Tuesday cycle brought fixes for a total of 45 vulnerabilities in Microsoft’s software which includes Office, Internet Explorer, and Edge browser.
What is important is that the security flaws allowed hackers to take control of their system, and this does nothing more than to emphasize how important it is to update computers as soon as possible.
This month, Microsoft finally makes the transition from releasing security bulletins to the new security update guide, which the company says should make it easier for everyone to patch systems. With this new approach, related vulnerabilities and products are grouped together for easier patching, while the previous system relied on individual security bulletins known by the MS format.
On of the important security updates landing this month patches the vulnerability documented in CVE-2017-0199 and is aimed at fixing the zero-day flaw in Microsoft Word and WordPad which allowed cyber criminals to deploy malware with a compromised RTF document.
All supported Internet Explorer versions are getting patches for two critical vulnerabilities, namely CVE-2017-0201 and CVE-2017-0202, while Microsoft Edge browser, the new default in Windows 10, is targeted by fixes for three different security flaws (CVE-2017-0093, CVE-2017-0200, CVE-2017-0205), which could allow an attacker to take control of an unpatched system.
These security updates are shipped via Windows Update and users and IT admins alike are recommended to update this as soon as possible, especially because fixes for zero-days are also included. Users who are unable to deploy the patch right now are advised to avoid opening RTF documents from untrusted sources and also refuses to click on suspicious links on systems where Internet Explorer or Microsoft Edge is the default browser.
