Microsoft Outlook could be affected by the Spectre-Meltdown bug

Microsoft Outlook could be affected by the Spectre-Meltdown bug

The February updates address security flaws in Internet Explorer, Edge, Microsoft’s ChakraCore JavaScript engine, Windows, and Office.

Two worrying bugs fixed this month affected Outlook. One, a memory-corruption flaw, identified as CVE-2018-0852, could allow an attacker to run arbitrary code.   Microsoft says exploitation of this flaw is “less likely” and that an attacker would need to trick a victim into opening a file or visiting an attack site. However, it also notes that an attack vector is the Preview Pane.

The second Outlook bug that could be worth patching immediately is elevation of privilege vulnerability CVE-2018-0850, which stems from Outlook insufficiently validating the formatting of incoming messages before processing them.

An attacker could send a specially crafted email that forces Outlook to load a message store over SMB.

“That means there’s a potential for an attacker to exploit this merely by sending an email,” explained Childs.

Overall Microsoft’s February update includes fixes for 14 critical flaws, 34 important flaws, and two moderate severity issues. None of the bugs is known to be under attack.

Baron Software advises that all end users maintain their updates from vendors and keep your Anti-Virus packages up to date.  Security is one of the most highest things that should be on your list.  Getting a possible attack could create issues of losing your identity, credit card or banking information.  Do not open any emails from unrecognized sources.

There are way too many attacks that occur from other countries as well a lot in the far east as well as Russian attacks.  This has been an ongoing thing for the past 15 years and as with older viruses that could cripple your system you need to always be on guard.