Microsoft patches memory corruption & info disclosure vulnerabilities

News by SC Staff

Microsoft has patched a memory corruption vulnerability and an information disclosure vulnerability in Microsoft Office Outlook.

The memory corruption flaw CVE-2017-8663 requires a user to open a specially crafted file with an affected version of Microsoft Outlook. It could be exploited in an email attack scenario by sending a specially crafted file to the user and then convincing the user to open the file.

The information disclosure flaw CVE-2017-8572 can be exploited if an attacker knew the memory address location where the object was created and then crafted a special document file and convinced the user to open it. Exploitation of the flaws would allow a remote attacker to take control of an affected system.

Neither of the flaws have been publicly exploited and Microsoft hasn't identified any workarounds or mitigation factors for the bug. Users should update their systems to the latest version to ensure their devices are secure. 

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike