Microsoft fixes critical PrintNightmare and Office document vulnerabilities in Windows 10


    Surface Laptop 4 Amd 2021 LidSource: Daniel Rubino / Windows Central

    Microsoft rolled out its Patch Tuesday update for Windows 10 yesterday. The update includes fixes for 66 security vulnerabilities, including one that addresses an Office document vulnerability. That Office vulnerability could be utilized by attackers to trick people into opening malicious files.

    We broke down how attackers can use this vulnerability in greater detail last week. To summarize, the vulnerability labeled as Windows CVE-2021-40444 can be exploited by using ActiveX controls in an Office document. If people are tricked into opening files and disabling Protected View, an attacker can get malware onto a computer.

    Microsoft’s documentation on the security vulnerability now includes an update:

    Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.

    The Office document vulnerability could be used in conjunction with other issues, such as the recent bug in Outlook that showed spoofed domains inside genuine contact cards.

    VPN Deals: Lifetime license for $16, monthly plans at $1 & more

    Microsoft also released an update for the Windows Print Spooler Remote Code Execution Vulnerability, which is labeled CVE-2021-36958. The Print Spooler vulnerability caused a wide range of problems, including attackers being able to place ransomware onto vulnerable PCs.

    Security expert Benjamin Delpy confirmed to BleepingComputer that the bug was fixed.

    Microsoft has a full list of all addressed security issues from the September 2021 Patch Tuesday update.

    We may earn a commission for purchases using our links. Learn more.





    Source link