As part of the January 2018 Patch Tuesday, Microsoft has released fixes for 56 CVE-listed vulnerabilities, including the Meltdown and Spectre flaws, and an Office bug actively exploited by attackers.

Office flaw exploited in the wild

Security updates and patches for mitigating the risk of Meltdown and Spectre attacks have received much attention in the past days, but those released by Microsoft on Tuesday also deserve it.

As mentioned earlier, a flaw (CVE-2018-0802) in Microsoft Office 2007, 2010, 2013, and 2016 is being exploited in attacks in the wild.

It can be triggered by the opening of a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software and allows attackers to run arbitrary code in the context of the current user.

Read full news article on Help Net Security