Skip to main content
Vulnerabilities in Microsoft code

Microsoft Reports Vulnerabilities Impacting Windows and Office Products

Written by bsiemon on . Posted in Featured, Microsoft, Security. No Comments on Microsoft Reports Vulnerabilities Impacting Windows and Office Products

Microsoft Vulnerabilities

Published on

July 14, 2023

Bryan Siemon

Bryan Siemon

Microsoft Reports Vulnerabilities Impacting Windows and Office Products

Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products.

Microsoft reads, “An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file.

Microsoft has confirmed no less than 132 security vulnerabilities across product lines, including six that fall into the “zero-day” category.

Microsoft suggested these applications would be impacted and is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially crafted Microsoft Office documents.

Office Products include:

– Excel – Publisher – PowerPoint – Word – WordPad – Access – Graph – Visio

An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file.

SoHo Network Solutions has always encouraged its customers not to open email attachments they do not recognize or expect. Free antivirus solutions are better than nothing, however, they lack centralized management and advanced features that we can provide. Hackers have become more advanced, so more advanced solutions are needed. The good news is that paid professional-grade antivirus software has become more affordable than ever. For $4 a month per computer, you can get the protection needed to help combat these vulnerabilities.

The Technical Details:

The vulnerability is a remote code execution (RCE) vulnerability affecting Windows and Office product, CVE-2023-36884, with a CVSS score of 8.3. The targeted attacks exploit these vulnerabilities using specially crafted Microsoft Office documents.” CVE-2023-36884 is as yet unpatched.

If you have any questions or concerns about this, please don’t hesitate to call Soho Network Solutions at 717.831.8128. It is recommended you ensure you have all Windows and Office updates and a strong antivirus program.

About SoHo’s Antivirus Solution:

To purchase Professional-Grade Antivirus Software give us a call- 717.831.8128. SOHO Network Solutions offers the Malwarebytes EDR Cloud Managed solution for $4/workstation/month or $48/year.

How does EDR work?

Endpoint detection and response are broadly defined by three types of behavior.

Endpoint management

This refers to EDR’s ability to be deployed on an endpoint, record endpoint data, then store that data in a separate location for analysis now or in the future. EDR can be deployed as a standalone program or included as part of a comprehensive endpoint security solution. The latter has the added benefit of combining multiple capabilities into a single endpoint agent and offering a single pane of glass through which admins can manage the endpoint.

Data analysis

EDR technology can interpret raw telemetry from endpoints and produce endpoint metadata (or cyber threat intelligence) human users can use to determine how a previous attack went down, how future attacks might go down, and actions that can be taken to prevent those attacks.

Threat hunting

EDR scans for programs, processes, and files matching known parameters for malware. Threat hunting also includes the ability to search all open network connections for potential unauthorized access.

Incident response

Incident response refers to EDR’s ability to capture images of an endpoint at various times and re-image or rollback to a previous good state in the event of an attack. EDR also gives administrators the option to isolate endpoints and prevent further spread across the network. Remediation and rollback can be automated, manual, or a combination of the two.

Think of EDR as a flight data recorder for your endpoints. During a flight, the so-called “black box” records dozens of data points; e.g., altitude, air speed, and fuel consumption. In the aftermath of a plane crash, investigators use the data from the black box to determine what factors may have contributed to the plane crash … Likewise, endpoint telemetry taken during and after a cyberattack (e.g. processes running, programs installed, and network connections) can be used to prevent similar attacks.

More Articles

We Are A Full Service IT Company

We can help setup MFA in your organization. Contact us today to learn more or help getting started.

Continue reading

Microsoft Laptop

Why Switch To Microsoft 365

Written by bsiemon on . Posted in Featured, Main Article, Microsoft. No Comments on Why Switch To Microsoft 365

Office 365

Published on

Bryan Siemon

Bryan Siemon

Now might be the time to migrate to Microsoft 365. What was once called Office 365 is now called Microsoft 365 and is a suite of productivity and collaboration tools developed for businesses of all sizes. It includes a range of applications, including Exchange Online for email, SharePoint Online for collaboration and document management, and Teams for Business for online meetings and video conferencing.

While making the move to Office 365 might seem like a big task. Soho Network Solutions makes the process go smooth.

Microsoft 365 is a subscription-based online suite of productivity. It includes a range of applications, services, and tools for businesses of all sizes, from small startups to large enterprises. The biggest benefit is that it can help increase productivity and collaboration both in the office and with clients. Here are some other key benefits of using Microsoft 365 for your business:

The Key Benefits

  1. Accessibility: One of the biggest advantages of Microsoft 365 is its accessibility. With 365, you can access your documents, emails, and other tools from any device, at any time, from anywhere in the world. This means you and your team can stay connected and productive, even when you’re on the go.
  2. Collaboration: Office 365 makes it easy for teams to collaborate on projects, share files, and work together in real time. With features like shared calendars, instant messaging, and video conferencing, you can easily communicate and collaborate with your team, no matter where they are located.
  3. Security: Microsoft 365 is designed with security in mind. It includes robust security features like data encryption, multi-factor authentication, and advanced threat protection to help keep your data safe and secure.
  4. Reliability: Microsoft 365 is a cloud-based service, which means it’s highly reliable. Your data is stored in secure, redundant data centers, so you can be confident that it’s always available and accessible when you need it.
  5. Scalability: Microsoft 365 is scalable, which means it can easily grow with your business. As your company expands, you can add more users, applications, and tools to your subscription, without the need for expensive hardware or IT support.
  6. Cost-effective: Microsoft 365 is a cost-effective solution for businesses. With a subscription-based pricing model, you only pay for what you need, and you can easily add or remove users and applications as your business needs change. This can help save your business money, compared to purchasing individual software licenses for each user.

Overall, Microsoft 365 is a powerful, flexible, and cost-effective solution for businesses of all sizes. With its accessibility, collaboration, security, reliability, scalability, and cost-effectiveness, 365 can help your business stay competitive and thrive in today’s fast-paced business world.

To learn more about Microsoft 365 and your business specifically, contact Soho Network Solutions today and talk to a professional. Soho Network Solutions is a small business designed to help small and medium sized businesses with their IT and Network Administration needs. We provide IT consulting and more.

More Articles

We Are A Full Service IT Company

We can help setup MFA in your organization. Contact us today to learn more or help getting started.

Continue reading