Affected products are Macintosh versions of Internet Explorer 5.1, Outlook Express 5.0, Office v. X, Office 2001 and PowerPoint 98.
The critical new vulnerabilities can both allow an attacker to execute code. One is a buffer overrun related to the handling of an HTML element -- a flaw affecting IE and Office. With the vulnerability, an attacker can cause code of his choice to run as if it were the user.
The second vulnerability can allow local AppleScripts to be invoked by a Web page. Locally stored AppleScripts can be invoked as if they had been launched by the user.
The cumulative patch is available at www.microsoft.com/technet/security/bulletin/ms02-019.asp.
About the Author
Scott Bekker is editor in chief of Redmond Channel Partner magazine.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week announced the release of a publicly available and free post-incident hunting tool for organizations using Microsoft Azure, Azure Active Directory and Microsoft 365 applications.
Microsoft this week reminded organizations using Microsoft Teams Rooms devices of a coming July 1 deadline to get their licenses compliant with its relatively new Basic and Pro plans.
Simplified labeling and documentation are key to avoiding a management mess.
Microsoft this week announced a preview of custom claims providers for Azure Active Directory users.
Microsoft this week announced plans to shift the schedule for when it releases its optional nonsecurity patch previews for Windows systems.
More Tech Library