Microsoft has released a security update that addresses the vulnerabilities by correcting how:Office handles objects in memoryCertain functions handle objects in memoryWindows validates input before loading librariesConsequenceThe most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.SolutionRefer to MS16-070 obtain more information.Workaround:1) Use Microsoft Office File Block policy to prevent Office from opening RTF documents from unknown or untrusted sourcesImpact of workaround #1: Users who have configured the File Block policy and have not configured a special "exempt directory" as discussed in Microsoft Knowledge Base Article 922849 will be unable to open documents saved in the RTF format.2) Prevent Word from loading RTF filesPatches:The following are links for downloading patches to fix these vulnerabilities:MS16-070 Microsoft Excel 2007 Service Pack 3MS16-070 Microsoft Excel 2010 Service Pack 2 (32-bit editions)MS16-070 Microsoft Excel 2010 Service Pack 2 (64-bit editions)MS16-070 Microsoft Office 2010 Service Pack 2 (32-bit editions)MS16-070 Microsoft Office 2010 Service Pack 2 (64-bit editions)MS16-070 Microsoft Office 2016 (32-bit edition)MS16-070 Microsoft Office 2016 (64-bit edition)MS16-070 Microsoft Office Compatibility Pack Service Pack 3MS16-070 Microsoft Office Compatibility Pack Service Pack 3MS16-070 Microsoft Office OneNote 2016 (32-bit edition)MS16-070 Microsoft Office OneNote 2016 (64-bit edition)MS16-070 Microsoft Office Web Apps 2010 Service Pack 2MS16-070 Microsoft Office Web Apps Server 2013 Service Pack 1MS16-070 Microsoft Visio 2007 Service Pack 3MS16-070 Microsoft Visio 2010 Service Pack 2 (32-bit editions)MS16-070 Microsoft Visio 2010 Service Pack 2 (64-bit editions)MS16-070 Microsoft Visio 2013 Service Pack 1 (32-bit editions)MS16-070 Microsoft Visio 2013 Service Pack 1 (64-bit editions)MS16-070 Microsoft Visio 2016 (32-bit edition)MS16-070 Microsoft Visio 2016 (64-bit edition)MS16-070 Microsoft Visio Viewer 2007 Service Pack 3MS16-070 Microsoft Visio Viewer 2010 (32-bit Edition)MS16-070 Microsoft Visio Viewer 2010 (64-bit Edition)MS16-070 Microsoft Word 2007 Service Pack 3MS16-070 Microsoft Word 2010 Service Pack 2 (32-bit editions)MS16-070 Microsoft Word 2010 Service Pack 2 (64-bit editions)MS16-070 Microsoft Word 2013 Service Pack 1 (32-bit editions)MS16-070 Microsoft Word 2013 Service Pack 1 (64-bit editions)MS16-070 Microsoft Word 2016 (32-bit edition)MS16-070 Microsoft Word 2016 (64-bit edition)MS16-070 Microsoft Word 2016 for MacMS16-070 Microsoft Word ViewerMS16-070 Microsoft Word for Mac 2011MS16-070 Office Online ServerMS16-070 Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2MS16-070 Word Automation Services on Microsoft SharePoint Server 2013 Service Pack 1
The security update addresses the vulnerabilities by correcting the way that Microsoft Exchange parses HTML messages.This security update is rated Important for all supported editions of Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, Microsoft Exchange Server 2013, and Microsoft Exchange Server 2016.ConsequenceSuccessful exploitation allows an attacker to identify, fingerprint, and track a user online.SolutionPlease refer to MS16-079 for more information.Patches:The following are links for downloading patches to fix these vulnerabilities:MS16-079 Microsoft Exchange Server 2007 Service Pack 3MS16-079 Microsoft Exchange Server 2010 Service Pack 3MS16-079 Microsoft Exchange Server 2013 Cumulative Update 11MS16-079 Microsoft Exchange Server 2013 Cumulative Update 12MS16-079 Microsoft Exchange Server 2013 Service Pack 1MS16-079 Microsoft Exchange Server 2016MS16-079 Microsoft Exchange Server 2016 Cumulative Update 1
Microsoft Patch day June 14, 2016
Patches to the game are deployed to Windows, macOS, and Linux platforms via Steam, and must be downloaded and applied before the game can be launched. While all three of these platforms retain the same codebase and have updates released simultaneously, the versions of the game on Xbox 360 and PlayStation 3 were separate and did not receive frequent updates and as such is no longer supported by Valve, due to restrictions imposed on game developers to pay a fee of $40,000 by Microsoft during the Xbox 360's lifespan until 2013 (the console itself wasn't discontinued until 2016). To date, there have been only four patches to Team Fortress 2 on Xbox 360 and one patch on PlayStation 3, compared to the 759 patches that have been released to Windows, macOS, and Linux since 2007. 2ff7e9595c
Comments