... darkrealms ...

Forums before death by AOL, social media and spammers... "We can't have nice things"

alt.comp.os.windows-11

Steaming pile of horseshit Windows 11

4,969 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 4,134 of 4,969

=?UTF-8?B?Li4ud8Khw7HCp8KxwqTDsSA=? to Mr. Man-wai Chang

Re: Microsoft Office Zero-Day (CVE-2026-

27 Jan 26 23:42:31

   XPost: alt.comp.os.windows-10   
   From: winstonmvp@gmail.com   
      
   Mr. Man-wai Chang wrote on 1/27/2026 10:51 PM:   
   > Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for   
   > Active Exploitation   
   >    
   >   
   >   
   > Microsoft on Monday issued out-of-band security patches for a   
   > high-severity Microsoft Office zero-day vulnerability exploited in attacks.   
   >   
   > The vulnerability, tracked as CVE-2026-21509, carries a CVSS score of 7.8   
   > out of 10.0. It has been described as a security feature bypass in   
   > Microsoft Office.   
   >   
   > "Reliance on untrusted inputs in a security decision in Microsoft Office   
   > allows an unauthorized attacker to bypass a security feature locally,"   
   > the tech giant said in an advisory.   
   >   
   > "This update addresses a vulnerability that bypasses OLE mitigations in   
   > Microsoft 365 and Microsoft Office, which protect users from vulnerable   
   > COM/OLE controls."   
   >   
   > Successful exploitation of the flaw relies on an attacker sending a   
   > specially crafted Office file and convincing recipients to open it. It   
   > also noted that the Preview Pane is not an attack vector.   
   >   
      
   MSFT Official Notice Jan 26, 2026 2 PM PST   
      
      
      
   The official notice released Jan 26, 2026 2 PM  PST   
      
   Customers running Office 2021 and later will be automatically protected   
   via a service-side change, but will be required to restart their Office   
   applications for this to take effect.   
      
   Customers running Office 2016 and 2019 are not protected until they   
   install the security update. Customers on these versions can apply the   
   registry keys described as follows to be immediately protected.   
      
      
   As of end-of-business Jan 26, 2026 5 PM   
   - The Official notice applicability section did not indicate M365, but the   
     FAQ's section about bypassing OLE security features does have mention   
   of M365   
   - Updates released/deployed updated versions for both Office 2016 and   
   2019.  No mention in the article of Office 2021 or M365...but for those   
   using M365, the latest M365 Current Channel version 2601(19628.20150) was   
   released on Jan 27, 2026.   
      
      
   --   
   ...w¡ñ§±¤ñ   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)

[ << oldest | < older | list | newer > | newest >> ]