The Microsoft product team is pleased to announce the availability of Office 2019 version 1810. This is geared towards those business customers who aren't ready to adopt the cloud-based Office 365.


Version 1810 (Build 11001.20108) - Release Date November 13, 2018:
The following information applies to retail versions of Office 2019, such as Office Professional 2019 purchased at a retail store.

CVE-2018-8522 | Microsoft Outlook Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.

To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

Note that the Preview Pane is not an attack vector for this vulnerability.

The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.

CVE-2018-8524 | Microsoft Outlook Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.

To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

Note that the Preview Pane is not an attack vector for this vulnerability.

The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.

CVE-2018-8546 | Microsoft Skype for Business Denial of Service Vulnerability

A denial of service vulnerability exists in Skype for Business. An attacker who successfully exploited the vulnerability could cause Skype for Business to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate the attacker's user rights.

For an attack to be successful, this vulnerability requires that a user sends a number of emojis in the affected version of Skype for Business.

The security update addresses the vulnerability by correcting how Skype for Business handles emojis.

CVE-2018-8558 | Microsoft Outlook Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center.

A malicious user could potentially share anonymously-accessible links to other users via email where these links are intended to be accessed only by specific users.

The security update addresses the vulnerability by correcting how Microsoft Outlook generates links inserted into emails via the "Attach File" interface.

CVE-2018-8573 | Microsoft Word Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.

To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory.

CVE-2018-8574 | Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.

CVE-2018-8575 | Microsoft Project Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.

To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Project software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Project handles files in memory.

CVE-2018-8576 | Microsoft Outlook Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.

To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

Note that the Preview Pane is not an attack vector for this vulnerability.

The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.

CVE-2018-8577 | Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.

CVE-2018-8579 | Microsoft Outlook Information Disclosure Vulnerability

An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users.

To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting.

The security update addresses the vulnerability by correcting how Outlook handles file attachment links.

CVE-2018-8582 | Microsoft Outlook Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files.

An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Systems such as workstations and terminal servers where Microsoft Outlook is used are at risk. Servers could be at more risk if administrators allow users to log on to servers and to run programs. However, best practices strongly discourage allowing this.

In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted email message to the user and then convincing the user to open the email and import an attached .rwz (rule export) file. Exploitation of this vulnerability requires that a user open a specially crafted email message with an affected version of Microsoft Outlook, download a malicious attachment, and manually import the contents of the attachment using the Outlook user interface.

The update addresses the vulnerability by correcting the way that Microsoft Outlook parses rule export files.

About Microsoft Office 2019. The latest version is the ninth to be released for Windows since Microsoft unveiled the inaugural software in 1990 and the first version to come out since Office 2016 hit the market in September 2015.

New features of Office 2019

Office 2019 will include new perpetual versions - where the license is purchased outright and effectively has no expiry date - of all the Office apps including Word, Excel, PowerPoint, Outlook and Skype for Business and server products including Exchange, SharePoint and also Skype for Business.

Beyond the programs we've all come to know and expect from Microsoft Office - such as Word, Excel, and PowerPoint - the 2019 edition will also include Outlook client applications and server versions of Exchange, SharePoint, and Skype for Business. Some new features of Office 2019 will include:

- Improved and expanded formulas and charts that will make the data analysis capabilities of Excel even more powerful
- "Inking" options like pressure sensitivity, tilt effects, and ink reply, which will allow for users to more naturally make notes and draw on top of documents when using touch- and pen-enabled devices
- Integration of "Morph" and "Zoom" visual animation features (currently only available through Microsoft 365) into PowerPoint
- Enhanced enterprise functionality
- Server updates that will focus on superior IT manageability, usability, voice recognition, and security

About Microsoft. Microsoft is a software corporation that develops, manufactures, licenses, supports, and sells a range of software products and services

Product: Microsoft Office
Version: 2019 Professional Plus version 1810 Build 11001.20108
Supported Architectures: 32bit / 64bit
Website Home Page :
www.microsoft.com

Language: multilanguage
System Requirements: PC
Supported Operating Systems: Windows 10

Немного информации об материале: 21-11-2018, 17:04 наш лучший журналист - apple2000 написал статью - "Microsoft Office 2019 Professional Plus version 1810 Build 11001.20108" и сразу же добавил её к нам на сайт! Хотелось бы добавить, что наш журналист подобрал лучшее оформление и качественное содержание данной новости. Так же советуем вам посетить категорию Софт, чтобы найти другие отличные материалы, как и этот!