This issue is due to the fact that the Windows application protocol, which is the default protocol used by Windows applications, does not validate the length of the data sent by an application and can receive a buffer overflow if the application sends a long string. An attacker can exploit this vulnerability by sending an email with malicious content to a user. If the user clicks on the malicious link, then the application could receive a buffer overflow and execution of malicious code in the context of the application. Microsoft has patched this vulnerability in the March 2018 updates. However, for those who did not apply the patches, there is a temporary workaround. The user should change the Windows application protocol to Transmission or Raw transport protocol in the Windows settings.
Microsoft Office Memory Corruption Vulnerability
An issue in Microsoft Office could allow an attacker to execute code on the target machine. This vulnerability is due to a memory corruption vulnerability in Microsoft Office. An attacker can exploit this vulnerability by sending a malicious file with malicious content to a user, who then opens the file in Microsoft Office. If the user clicks on the malicious link, then they could receive a buffer overflow and execution of malicious code in the context of the application. The buffer overflow could lead to remote code execution on the target machine without requiring authentication or interaction with other software on that system. Microsoft has patched this vulnerability in March 2018 updates and recommends users apply those updates as soon as possible.
Windows SMB Remote Code Execution Vulnerability
This vulnerability has been patched in the March 2018 updates. Yet, for those who did not apply the patches, there is a temporary workaround. The user should change the Windows application protocol to Transmission or Raw transport protocol in their Windows settings. In particular, this vulnerability requires that an attacker send a specially crafted message to a target with a vulnerable SMB server.
Microsoft Office Software Software Flaw
The vulnerability is due to the fact that Microsoft Office software does not validate the length of data sent by an application and can receive a buffer overflow if the application sends a long string. An attacker can exploit this vulnerability by sending an email with malicious content to a user. If the user clicks on the malicious link, then the application could receive a buffer overflow and execution of malicious code in the context of the application. Microsoft has patched this vulnerability in the March 2018 updates. However, for those who did not apply the patches, there is a temporary workaround. The user should change their Windows settings to either Raw or Transmission protocol instead of RPC-HTTP or RPC-HTTPS to prevent exploitation of this vulnerability.
Windows 10 April 2018 Update and otherance of this vulnerability
Windows 10 April 2018 Update and other versions released after it patch the vulnerability. If an attacker sends a malformed email to a user, then he will be unable to exploit this vulnerability. The user should install the latest Windows OS update to eliminate this vulnerability.
Timeline
Published on: 10/11/2022 19:15:00 UTC
Last modified on: 10/12/2022 17:17:00 UTC