Microsoft Massacres Valentine's Day!

Posted in: Cyber Security 17/02/23

Microsoft Patch Tuesday fell on Valentine's Day this week and no doubt blew out the romantic plans of a lot of people in the IT industry!

The release contained some 75 security patches, nine of which are rated “critical” and 66 “important,” and three of which are flagged as under active exploitation.

Of these, the most interesting is the CVSS 9.8 vulnerability in Microsoft Office. An intruder can use the Outlook Preview Pane to launch a remote code execution attack with a malicious Rich Text Format file, which would allow the intruder to “gain access to execute commands within the application used to open” the file.

Sadly, early indications are that there are some problems with these patches and we have seen a number of issues including having to rebuild one Exchange Server today.

Adobe has been very busy again with its patches this month, but none of the 28 CVEs it identified across the nine products being updated has an active exploit, and the company rates each update as something that can be installed at IT admin discretion.

In the Apple universe, macOS Ventura 13.2.1, iPadOS 16.3.1, and iOS 16.3.1, plus Safari 16.3 for macOS Big Sur and Monterey, were released this month to address various bugs including an exploited-in-the-wild flaw in WebKit as well as a hole that apps could use to gain kernel privileges.

AMD published updates on two security issues in its products. CVE-2022-27672 is another one of those data-leaking speculative-execution flaws involving hardware threads and virtualization in some of its Ryzen and Epyc processors.

Patching of critical issues is required within 14 days of issue under the Cyber Essentials standard. If your organisation needs help with Data Security or Patch Management then book a consultation with IT Ambulance today.
