In this week’s Patch Tuesday for Windows fixes dozens of flaws, but one of flaws is a critical vulnerability in WordPad and Office that could allow a remote attacker to install malware on your machine.
“A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft explains.
What’s also interesting here is that you won’t find that tidbit in a security bulletin, as would have been the case for every Patch Tuesday prior to today. That’s because Microsoft has introduced a new format for these updates in which it now provides details about its patch through its “Security Update Guide.”
This week’s Patch Tuesday update contains a laundry list of CVEs in Edge, Internet Explorer, Windows, Office, Visual Studio for Mac, Silverlight, and .NET Framework. If you want to view which ones are marked as Critical, go here and click the Severity checkbox at the top, then click the new Severity column.
