Microsoft has announced that it will be dishing out a set of patches for Windows 8.1 on Nov 13. The company briefly elaborated on the security vulnerabilities that will be resolved with these patches, citing three such exploits which are deemed critical. However, the company ignored the zero-day vulnerability which has been discovered in Office.
A number of security flaws have been discovered in Windows 8.1 so far and it is time that Microsoft dished out a patch to take care of them. While the company has announced that the Nov 13 patch will comprise of three critical and five important security bulletins, none of them is concerned with the Office zero-day vulnerability.
The zero day vulnerability recently found in Office is currently being used by hackers all around the globe. It deals with the way Office handles .TIFF graphics files. The vulnerability enables anyone with malicious intents to hack a PC running Windows 8.1. A number of malware variants have been developed which exploit this vulnerability and compromise the machine of the victim.
According to different security firms, this Office zero-day vulnerability is actively being used by hackers in Middle East and Asia. In view of this, it is rather unfortunate to note that in its security patch, Microsoft has entirely ignored it and rather gone for less important security loopholes.
The flaws listed as ‘important’ in Microsoft’s scheduled security bulletins include remote code execution, denial of service exploits, information disclosure and elevation of privilege vulnerabilities which may affect both, Windows 8.1 itself as well as Microsoft Office.
Courtesy: The Hacker News