September 2016 has the usual collection of patches for security lapses in Microsoft products.
There’s the standard collection of Windows and browser fixes including Internet Explorer and the new Edge browser.
For Office customers there’s only one patch. Yet again, hackers have found a way to hack an Office document to gain access to a vulnerable computer via memory hacks.
According to the hype at the time, these memory hacks were supposed to go away with the addition to Windows of Address Space Layout Randomization (ASLR). But they keep happening anyway.
What caught our eye this month is that the memory hack can happen via the relatively new ‘Click to Run’ technology.
There’s also a hack where VBA code can export a user’s private certificate key when saving a document. With a private key, a hacker can access any of your encrypted documents.
And there’s a tricky ending to an email attachment (a MIME attachment) which can prevent anti-spam and anti-virus checks from working.
All these bugs are fixed, with a long list of non-security patches in the update called KB3185852 for Office 2007, Office 2010, Office 2013 and Office 2016 for Windows. Also Office for Mac 2011 and 2016.
