We still have one more week before another Patch Tuesday, but that does not stop security researchers from finding more exploits to our everyday software. According to TheRegister, researchers at Cymulate have found an exploit within Microsoft Word that would allow an attacker to run code through user interaction. This attack is performed through embedding a video within a Word document that links to a downloadable binary. This binary is then opened within Word, allowing the attacker to run an installer through user interaction.Free Whitepaper: What to do BEFORE all hell breaks loose

It appears that Microsoft will not be addressing the issue. This is a great example of a user-targeted attack that could be exploited easily through a well-crafted phishing attack. A combination of a well-educated user base and a properly updated environment will reduce the chances of attack and reduce the spread of the attack if an endpoint is compromised.

Security Releases

Apple headlines the week with a suite of major security releases for their products. Numerous vulnerabilities are remediated in Apple’s assorted operating systems including macOS and iOS with a notable vulnerability covered by BleepingComputer that affects Facetime.

iTunes and iCloud for Windows also see updates covering a total of 13 shared vulnerabilities. iTunes 12.9.1 also includes CVE-2018-4394 with a CVSSv3 score of 7.8 which promotes the patch to a High severity. These consumer-level products can be surprisingly common within enterprise environments, so make sure to scan your environment to remediate these out of date titles.

Third-Party Updates

Here are the other updates we released in our content this week. These updates might not have identified CVEs, but they still have helpful stability fixes as well as potential undisclosed security fixes:

Software Title

Ivanti ID

Ivanti KB

Apple Mobile Device Support 12.1.0.25

AMDS-023

QAMDS121025

Beyond Compare 4.2.8.23479

BEYOND-007

QBC42823479

FileZilla Client 3.38.1

FILEZ-082

QFILEZ3381X86

Firefox 63.0.1

FF18-019

QFF6301

Nitro Pro 12.6.1.298

NITRO-018

QNITRO1261298

Opera 56.0.3051.88

OPERA-188

QOP560305188

Paint.net 4.1.3

PDN-008

QPDN413

PeaZip 6.6.1

PZIP-011

QPZIP661

Plex Media Player 2.21.0

PLXP-023

QPLXP2210

Plex Media Server 1.13.9.5496

PLXS-027

QPLXS11395456

VMware Tools 10.3.5

VMWT-027

QVMWT1035

More Patch Resources: