Microsoft company decided to change the windows update system in their previous operating systems Windows…
Yesterday, June 8, 2021, Microsoft released a patch for a vulnerability affecting the Microsoft Office MSGraph component, which is responsible for displaying graphics and charts.
As it turns out, it can be used to execute code on the target machine. Unfortunately, this component can be embedded in most Office documents.
All bugs were found by fuzzing MSGraph. The reason the researchers focused on testing MSGraph is because it contains code that is at least 17 years old. The attacks associated with this component may be similar to attacks on the Microsoft Equation Editor, the errors in which, corrected in 2017, continue to be actively exploited to this day.
Vulnerabilities in MSGraph were identified as CVE-2021-31939, CVE-2021-31174, CVE-2021-31178 and CVE-2021-31179.
Almost no details about the first bug are available, since the CVE was assigned to it quite recently, and the patch was released only yesterday. It is only known that the problem is of the use-after-free type and may lead to the execution of arbitrary code on the system.
As for the other three flaws, they were all fixed last month:
Let me remind you that we talked about the fact that PuzzleMaker Cluster Attacks Companies with 0-Day Vulnerabilities in Windows 10, as well as that Microsoft fixed 17-year-old critical vulnerability in Windows DNS Server.
Rokinat.co.in is a domain that tries to force you into subscribing to its browser notifications…
Jollypulse.co.in is a site that tries to trick you into subscribing to its browser notifications…
Gtrewe.co.in is a domain that tries to trick you into clik to its browser notifications…
News-bnaxura.cc is a domain that tries to force you into clik to its browser notifications…
News-bpeloyo.cc is a site that tries to force you into subscribing to its browser notifications…
Sos-bg-sof-1.exo.io is a site that tries to force you into clik to its browser notifications…