This months security patches for Windows and Office include two very concerning bugs.
There’s a patch for a security bug in the Print spooler. That’s the software which sends documents to your printer. The flaw allows external print drivers to be installed on a network printer. Because print drivers are installed with high-level access, that allows other malicious software to be installed with system privileges. The patches for this nasty go back to Windows Vista. Ouch.
Another bug lets someone bypass the Secure Boot feature. Secure Boot ensures that only approved software and drivers are run from the very start of Windows. That stops rootkits being added to the deep core of Windows. You’re absolutely NOT supposed to be able to bypass Secure Boot, but someone found a way. Double Ouch
For Microsoft Office it’s a case of ‘another month – another set of security flaws’. Yet more patches for gaps in Microsoft Office. So called ‘specially crafted’ documents can, when opened, run malicious code on your computer. Excel XLA files get a special shout out but it’s mostly, yet more, problems with Word documents.
The updates apply to Office 2007 (with SP3) all the way through to Office 2016 for Windows. Also Office 2011 and 2016 for Mac. Related server and Sharepoint technologies should also be patched.
You may already have been updated. Our machines got a Windows 10 Cumulative Update pushed out automatically which included all this months efforts in Microsoft ongoing game of security ‘Whack a Mole’.
