back to article Miscreants exploit five Microsoft bugs as Windows giant addresses 130 flaws

Microsoft today addressed 130 CVE-listed vulnerabilities in its products – and five of those bugs have already been exploited in the wild. A full list of security updates and advisories in this month's Patch Tuesday batch can be found here from the IT giant, or here from the ZDI. In summary, there are fixes for Windows, Office …

  1. t245t Silver badge
    Windows

    Remote-code execution flaw in Office files

    > A remote-code execution flaw that can be exploited by maliciously crafted Microsoft Office files

    Then use the Microsoft Office Word Viewer, oh wait that's no longer availabe, must use the cloudy version.

  2. sitta_europea Silver badge

    People at NATO use Outlook?

    1. Anonymous Coward
      Anonymous Coward

      They were when I co-designed their migration from Exchange 5.5 to 2003 about 14 years ago.

    2. Anonymous Coward
      Anonymous Coward

      Uk government uses Outlook….

    3. Charlie Clark Silver badge

      The power of lobbying. When you consider that the reason for developing the internet was to defend military communications from a single point of failure… it should actually be inconceivable that anything used by the military has only a single supplier and software that isn't open source.

  3. FlamingDeath Silver badge

    Welcome….

    To the shitshow

    These companies claim to be worth billions

    I’m not convinced

    1. sitta_europea Silver badge

      Re: Welcome….

      "...These companies claim to be worth billions..."

      It all depends on what you mean by "worth".

      Most people take it to mean "what some dumb sucker is prepared to pay", and by that measure I'm afraid they're right.

    2. Charlie Clark Silver badge

      Re: Welcome….

      As long as they don't get sued for damages as a result of software bugs, the money will just keep flowing.

  4. Zippy´s Sausage Factory

    Visual Studio being attacked is a new one. Although to be fair I know a lot of people don't patch it because Microsoft keep fiddling with it and there's a good chance you have to reset it after upgrading, meaning you have to reload all your extensions, your settings and so on - which takes about an hour or two, even if they are all synced on "the cloud" (something I do my best to avoid, to be honest.)

    1. t245t Silver badge
      Boffin

      Visual Studio being attacked is a new one.

      @Zippy´s Sausage Factory: “Visual Studio being attacked is a new one ..”

      After numerous clicks ..

      Issues Addressed in this release of 17.0.23

      Microsoft is aware of a vulnerability where there is a possibility of SMTP address injection that can happen in the SmtpClient class. This corresponds to CVE-2022-26893 (not a published CVE as the vulnerability is assessed as medium).

      Good Grief Charlie Brown .. well that's cleared that one up /s

      1. Zippy´s Sausage Factory

        Re: Visual Studio being attacked is a new one.

        Yes, I should have said "news to me" or similar to that. Or maybe "blimey, that's a new one on me". I would have thought the phrase was being used in that context would have been obvious. Clearly not.

    2. AndrueC Silver badge
      Facepalm

      Visual Studio is a big enough time waster as it is without becoming a platform for malicious attacks.

  5. ComicalEngineer

    Microsoft has morebugs than the Nnatural History Museum :(

    1. Anonymous Coward
      Anonymous Coward

      Indeed

      It never ceases to amaze me how many errors a typical programmer - or indeed any IT user - can introduce into a single line of text.

  6. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like