Microsoft Massacres Valentines Day!

Posted in: Cyber Security 17/02/23

Microsoft Patch Tuesday fell on Valentines Day this week and no doubt blew out the romantic plans of a lot of people in the IT Industry!

With some 75 security patches, nine of which are rated “critical” and 66 “important,” and three of which related as under active exploitation.

Of these the most interesting is the CVSS 9.8 vulnerability in Microsoft Office through which an intruder can use the Outlook Preview Pane to launch a remote code execution attack using a malicious Rich Text Format file that would allow an intruder to “gain access to execute commands within the application used to open” the file.

Sadly, early indications are that there are some problems with these patches and we have seen a number of issues including having to rebuild one Exchange Server today.

Adobe has been very busy again with its patches this month, but none of the 28 CVEs it identified over the nine products being updated has an active exploit, with the company rating each update as something that can be installed at IT admin discretion.

In the Apple universe, macOS Ventura 13.2.1, iPadOS 16.3.1, and iOS 16.3.1, plus Safari 16.3 for macOS Big Sur and Monterey, were released this month to address various bugs including an exploited-in-the-wild flaw in WebKit as well as a hole that apps could use to gain kernel privileges.

AMD published updates on two security issues in its products. CVE-2022-27672 is another one of those data-leaking speculative-execution flaws involving hardware threads and virtualization in some of its Ryzen and Epyc processors.

Patching of critical issues is required within 14 days of issue under the Cyber Essentials standard. If your organisation needs help with Data Security or Patch Management then book a consultation with IT Ambulance today.

Can we help?

Book a no obligation phone consultation with one of our management team to discuss your IT support requirements.


Related news


IT Ambulance sets the standard for Data Security.

Any organisation who works under the constraints of ISO based systems will recognise the amount of effort that goes into establishing and then continuing the process development

Read more

Microsoft Exchange and Dell, Zero day exploits under attack.

In a flurry of activity overnight, our technicians rushed to patch two zero day exploits to Microsoft Exchnage under active attack.  Vulnerabilities were discovered in Microsoft Exchange Server 2013,

Read more
Start a conversation

Book a no obligation phone consultation with one of our management team to discuss your IT support requirements.