Did you nab all the Microsoft Office updates for July?
Though Microsoft released a number of security patches in its July 11 update (on formerly-and-still-somewhat-known-as Patch Tuesday), it also released a number of out-of-band updates on July 27. These later updates apply specifically to vulnerabilities in Outlook and Office Click-to-Run.
Several of the fixes in the late July update address remote code execution (RCE) vulnerabilities in Outlook 2007, 2010, 2013 and 2016, as well as Office 2010 and 2016 Click-To-Run.
“This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file,” writes Microsoft in their security update.
For those keeping score at home, the patched RCE vulnerabilities in question are CVE-2017-8571, CVE-2017-8572, and CVE-2017-8663.
Another day, another update, yes, but we always encourage you to apply these updates as expediently as possible. Attackers use these vulnerabilities because they know inevitably not everyone is as up-to-date as they could or should be. Microsoft Office is still a major attack vector, and unfortunately we see attackers targeting Office users all the time. It’s tried and true for them, sadly.
So don’t make an attacker’s job any easier than it needs to be: apply these patches as soon as you can.
Roland Schmid (@r_u_schmid)
How can I easily and quickly check if the patches are downloaded and installed?
Radio Guy
Start > Control Panel > Programs and Features > View Installed Updates
R. Dale Barrow
Hopefully they’ve fixed the problem with Outlook 2013 where it marks the Naked Security newsletter as SPAM. This has been going on for weeks no matter how often I say “No”. Annoying – as I find so much software to be these days.
I should know later on today. (August 9, 2017).
R. Dale Barrow
Nope – your newsletter is still junk in Outlook 2013 land. Sigh.
R. Dale Barrow
Surprise! Outlook 2013 is now playing nice with your newsletter.