Microsoft Office

Microsoft is working on a new feature that will bring account switching support for Microsoft 365 web apps. The company announced in a message on the Microsoft 365 Admin Center that this update will allow users to seamlessly switch between multiple personal and work accounts in the same browser. Currently, Microsoft 365 web apps do…

Microsoft released 71 fixes this month, 3 of which are rated Critical and 68 Important. While three are publicly known at the time they were released, none are believed to be in active use by hackers. Windows and Windows Server Microsoft released an update for CVE-2022-21990, which is a Remote Desktop Client (RDP) remote code…

Microsoft is finally getting ready to block Visual Basic for Applications (VBA) macros downloaded from the internet by default in several Office apps. The Redmond giant has already started restricting Excel 4.0 (XLM) macros, and this change will now impact all VBA macros in Word, PowerPoint, Visio, Access, and Excel files. By default, Microsoft Office…

Microsoft patches a wormable bug in http.sys in Windows and Windows Server. There are also fixes for three remote code execution vulnerabilities in Exchange Server. And Adobe releases fixes for 26 flaws in Acrobat and Reader. So, let’s get started! Windows and Windows Server This month there are fixes for six zero-days in Windows and…

Patch Tuesday in November 2021 sees Microsoft release patches to address 55 CVEs, including fixes for 6 zero-day bugs. There are updates for products including Windows, Windows Server, Office, Exchange Server, Active Directory, Microsoft Dynamics, Hyper-V, and Azure Real Time Operating System (RTOS), which is ThreadX RTOS, an embedded real-time operating system that Microsoft purchased…

September 7th, Microsoft released a security advisory for a remote code execution vulnerability (CVE-2021-40444) in Microsoft MSHTML, the rendering engine that Office apps use in Windows to display web content. Microsoft says that it is investigating reports of targeted attacks that try to exploit the MSHTML flaw using specially designed Microsoft Office files. The announcement…

Microsoft has released a relatively small number of fixes this month, in total just 56. But they include patches for a zero-day flaw in the Win32k component and some serious TCP/IP networking stack vulnerabilities. Windows and Windows Server February’s cumulative update (CU) for Windows 10 comes with a patch for a zero-day Elevation of Privilege…

Microsoft fixes a zero-day in its Defender antimalware software and issues a patch for a vulnerability that was publicly disclosed in December.

Microsoft rereleases Windows Server 2019 and Windows 10 version 1809, and patches 62 flaws, 13 of which are rated critical.

In this month’s Patch Tuesday, Microsoft released a disabled-by-default patch for Spectre 4, Adobe plugs a zero-day Flash vulnerability that can be exploited via Excel, and there are fixes for DNS, black screens, and Cortana.