Microsoft Patches Zero- Day Exploits And Encapsulated Postscript (EPS) Attack.
The two Cyber security companies FireEye and Eset were working with Microsoft to find out several vulnerabilities, said in blog.
On this Tuesday, Microsoft patches 57 vulnerabilities including Zero days exploits and many bugs that were used by hacking groups.
1. A Word EPS + Windows Elevation of Privilege (EoP) (CVE-2017-0261 + CVE-2017-0001)
This attack was reported to us in late March; however, customers were already protected by the March updates. Today, to fully address the EPS vulnerability and further protect the small number of customers who may choose to continue using the EPS filter, we released an update to address the Encapsulated PostScript vulnerability.
In terms of activity, we’ve seen a limited number of targeted attempts to use this method, which is no longer valid.
2. A Word EPS + Windows EoP (CVE-2017-0262 + CVE-2017-0263)
Microsoft detected this attack in mid-April; however, customers were already protected by the April defense-in-depth update (noted above) that broke the attack chain by turning off the EPS filter by default. Today, we are releasing further updates to address the underlying filter vulnerability and the elevation of privilege vulnerability in this attack.
In terms of activity, we’ve seen a limited number of attempts to use this method, which is no longer valid.