Microsoft is scaling up its security services very quickly and is spending $1 billion every year alone on security R&D. So, the Microsoft users – be rest assured! You have chosen a cohesive ecosystem that works to counter the threats and comes up with the feature rollouts to kill vulnerabilities detected time and again.
In its recent release in Jan 2018, the update fixes several security holes in SharePoint, Outlook, Excel, Word, Access and the entire Office suite.
- It fixes many separate remote code execution vulnerabilities in the entire suite. In this, the attacker can run arbitrary code or take control of the entire system if the current user is logged on with administrative user rights.
- It fixes several memory corruption vulnerabilities in Word, which would allow an attacker to take control of the entire system if the current user is logged on with administrative user rights. An attacker can exploit this issue to run arbitrary code in the context of the current user.
- It also fixes tampering vulnerability in Access, which allows an attacker to send a specially crafted file to a victim. The attacker can also exploit this issue by hosting the file on a web server.
- In addition to the office suite, it also fixes Microsoft SharePoint cross-site scripting elevation of privilege vulnerability. This exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An attacker can exploit this issue by sending a specially crafted request to an affected SharePoint server.
What You Need to Do?
- This being a security update, it should be applied soon.
- The subscription holders have direct access to the tools to manage Threat Management within the Security & Compliance Center. To access it, go to the Office 365 Administration Center, click on Admin centers and select the Security & Compliance
- Many times a good portion of the features is provided by default. However, for some features, it will require getting your hands dirty and putting in some time and efforts.
This update comes with Version 1711 (Build 8730.2175). You can get more information by going to the Office 365 client update channel release page: On the left side of the screen choose the Monthly channel and select “2018” and “January.”
If you need any more help with your Office 365, please reach out to us – we would love to help!