Did you nab all the Microsoft Office updates for July?
Though Microsoft released a number of security patches in its July 11 update (on formerly-and-still-somewhat-known-as Patch Tuesday), there were a number of out-of-band updates also released on July 27. This update applies to vulnerabilities specifically Outlook and Office Click-to-run.
Several of the vulnerabilities in the late July update prevent remote code executions (RCE) in Outlook 2007, 2010, 2013 and 2016, as well as Office 2010 and 2016 Click-To-Run.
“This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file,” writes Microsoft in their security update.
For those keeping score at home, the patched RCE vulnerability in question specifically are CVE-2017-8571, CVE-2017-8572, and CVE-2017-8663.
Another day, another update, yes, but we always encourage you to apply these updates as expediently as possible. Attackers use these vulnerabilities because they know inevitably not everyone is as up-to-date as they could or should be. Microsoft Office is still a major attack vector, and unfortunately we see attackers targeting Office users all the time. It’s tried and true for them, sadly.
So don’t make an attacker’s job any easier than it needs to be: apply these patches as soon as you can.