Microsoft patches actively attacked vulnerabilities in Windows, Office and Internet Explorer

Posted 10 May 2017 14:03 CEST by Jan Willem Aldershoff

During May’s Patch Tuesday, Microsoft has patched 46 vulnerabilities, including 3 zero-days in Windows, Microsoft Office and Internet Explorer that were actively attacked before the patches were available.

The vulnerabilities in Internet Explorer 11 and Microsoft Office allowed an attacker to execute random code on the system when the user visited a malcious website or opened a malcious EPS file. The vulnerability in the Windows Kernel allowed an attacker to elevate privileges on the system and execute code with kernel rights.

Also vulnerabilities in Internet Explorer and Edge were patched, these were known before the patches were released but Microsoft claims they weren’t exploited.

The leak in Internet Explorer made it possible to bypass warnings for HTTP content on HTTPS websites. The Edge vulnerability allowed a malicious internet sites to perform action in the context of the Intranet Zone.

On most systems the update will be applied automatically.

Users that are on the RTM version of Windows 10 (released in July 2015) will no longer receive updates. Microsoft has stopped providing updates for this version and recommends to update to the latest version of Windows 10.

 



Myce.com settings

Several settings at Myce.com can be changed, they are stored in cookies, which means they will be reset if you clear Myce.com cookies

Background

Change the background to a plain color or trianglified image (similar to the default image)

No tracking features

At Myce most social media feature are done server side and impose no privacy risk to the visitor when not used. Several features use Javascript with you can turn off here

Layout

Switch to the List layout for an index with chronologycally listed news items or Grid layout for a block based layout. To see the change you need to reload the page

×