Zero Day Initiative - The April 2025 Security Update Review
Briefly

The recent security patches from Microsoft address multiple critical vulnerabilities, particularly in Office and Excel, where the Preview Pane is an attack vector even though Microsoft lists user interaction as required. A significant TCP/IP bug related to DHCPv6 could allow an attacker to execute code on a target system via a crafted response to a legitimate DHCPv6 request, potentially requiring a man-in-the-middle attack. Other notable items include SharePoint bugs with inconsistent listings of the privilege level required for exploitation, and persistent issues in the RRAS and Telephony services. Users on Mac platforms, however, may face delays, as updates for Office LTSC are not yet available.
For all of these bugs, the Preview Pane is an attack vector, but Microsoft lists that user interaction is required.
An attacker could send a crafted response to a legitimate DHCPv6 request to execute code on the target system.
Both say that 'Site Owner' permissions are required for exploitation, but one lists this as Low privilege while the other lists it as High.
The final Critical bug is for TCP/IP and sounds intriguing. It centers around DHCPv6.
Read at Zero Day Initiative