Here is a vulnerability summary for Microsoft's January 2018 Patch Tuesday. Disguised as a bogus invoice, it installed the FormBook information stealing trojan. Researchers at Palo Alto Networks found thousands of attempts to exploit this flaw after the November patch, including one that targeted organizations in Europe. According to Microsoft, someone else has since been using a related Office memory corruption flaw in remote attacks that are possibly using specially crafted Office or WordPad files. Of the fixes 56 vulnerabilities in this update, Microsoft has revisited the 17-year-old Equation Editor flaw in Office it patched in November.Ī cybercriminal gang began exploiting that flaw soon after Microsoft released the patch.
The regular Patch Tuesday update follows Microsoft's troublesome January 3 emergency patches for the Meltdown and Spectre CPU attacks, which have caused confusion for users of some third-party antivirus products and problems for some AMD systems. Microsoft has released its first Patch Tuesday security update for 2018, which brings fixes for 56 flaws, as well as Adobe Flash updates, and a fix for a new Office vulnerability caused by Word's built-in Equation Editor that's already under attack. Oracle's critical patch update offers fixes against CPU attacks.Four things every Windows admin needs to do now.New updates bring fix for unbootable AMD PCs.Apple backports Meltdown fix to older macOS versions.Linus Torvalds criticizes Intel's 'garbage' patches.Intel: Stop firmware patching until further notice.Linux and Intel slowly hack their way to a Spectre patch.Lawmakers: Why were flaws kept secret from industry?.