Microsoft Is Disabling Default ActiveX Controls in Office 2024

Microsoft Is Disabling Default ActiveX Controls in Office 2024

Microsoft will disable ActiveX controls by default in the Office suite, starting in October with the release of Office 2024. Phasing out the software framework is likely related to numerous security vulnerabilities that have been exploited in the past. Dating back to 1996, ActiveX has long been used for embedding interactive objects, such as buttons or forms, within Office documents. It was formerly used to load multimedia content, like videos, in Internet Explorer. However, it…

Read More

Microsoft Patched 6 Actively Exploited Zero-Day Flaws

Microsoft Patched 6 Actively Exploited Zero-Day Flaws

Patch Tuesday, Microsoft’s monthly report of security updates, brought 90 CVEs, including some vulnerabilities that were being actively exploited. Some vulnerabilities originated in Chromium, meaning both Microsoft Edge and Google Chrome may have been affected. Here are the most critical flaws and patches disclosed by Microsoft on Aug. 13. Six zero-day flaws had been exploited Threat actors had already taken advantage of six zero-day exploits in particular: CVE-2024-38106: an elevation of privilege vulnerability in the…

Read More

Apple Operating Systems are Being Targeted by Threat Actors, Report Finds

Apple Operating Systems are Being Targeted by Threat Actors, Report Finds

The number of macOS vulnerabilities exploited in 2023 increased by more than 30%, according to a new report. The Software Vulnerability Ratings Report 2024 from patch management software company Action1 also found that Microsoft Office programs are becoming more exploitable, while attackers are targeting load balancers like NGINX and Citrix at a record rate. Action1 analysts used data from the National Vulnerability Database and CVEdetails.com to draw five insights into how the threat landscape changed…

Read More

BeyondTrust Report: Microsoft Security Vulnerabilities Decreased by 5% in 2023

BeyondTrust Report: Microsoft Security Vulnerabilities Decreased by 5% in 2023

The number of Microsoft vulnerabilities has mostly flattened in 2023, with elevation of privilege and identity attacks being particularly common, according to BeyondTrust’s annual Microsoft Vulnerabilities report. Identity and access management solutions company BeyondTrust studied the most significant CVEs of 2023 and Microsoft vulnerability data from Microsoft’s monthly Patch Tuesday bulletins. The report includes vulnerability trends and tips about how to reduce identity attacks. Microsoft reported 1,228 vulnerabilities in 2023 The total number of Microsoft…

Read More