As part of the January 2018 Patch Tuesday, Microsoft has released fixes for 56 CVE-listed vulnerabilities, including the Meltdown and Spectre flaws, and a flaw (CVE-2018-0802) in Microsoft Office 2007, 2010, 2013, and 2016 that is being exploited in attacks in the wild.
The Office vulnerability can be triggered by the opening of a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software and allows attackers to run arbitrary code in the context of the current user.
“If the current user is logged on with administrative user rights, an attacker could take control of the affected system,” Microsoft explained. “The security update addresses the vulnerability by removing Equation Editor functionality.”
Read more about the exploited Microsoft Office vulnerability and other notable flaws patched by Microsoft on Help Net Security.