bit-tech.net

Patch Tuesday brings critical IE, Windows, Office fixes

Patch Tuesday brings critical IE, Windows, Office fixes

Microsoft's regular Patch Tuesday includes some critical security fixes this month, and hopefully no more of the faulty patches it has been churning out recently.

Microsoft has issued its monthly list of security patches which will be distributed tomorrow, the company's regular Patch Tuesday event - and there are some critical fixes bundled this month.

Issued as part of the company's regular update cycle, which sees patches released to customers on the second Tuesday of every month except in cases of critical emergency, the bulletins cover a range of Microsoft products with the majority concentrating on remote code execution and privilege elevation issues in Windows, Office and Internet Explorer. A rather worrying quartet of patches are rated Critical, the most severe of Microsoft's ratings, while the remainder are merely Important despite offering up remote code execution, information disclosure and denial of service possibilities.

The first Critical patch is one only system administrators need worry about: a flaw in Windows SharePoint Services which can allow remote attackers to execute arbitrary code on the server. This is followed by another one for the business users with the news that Microsoft Outlook, the messaging and calendar client that forms a central part of the Office productivity suite, requires a similar patch for a remote code execution vulnerability.

The next few patches are of interest to all, however: the third bulletin fixes a critical-rated remote code execution vulnerability in all Internet Explorer versions which, thanks to its heavy integration in the operating system itself, may even affect those who use an alternative browser. The next two bulletins cover similarly-serious issues, but this time affecting Windows itself - though thankfully nothing newer than Windows Server 2008 and Windows Vista.

The remaining security bulletins, detailed in the official notification, are mitigated by security measures built into the software that downgrade their severity to merely Important - but which are still a recommended install for anyone who uses a Windows system connected to the internet.

The patches are due to be released to the public tomorrow, at which point all eyes will be on Microsoft: its Patch Tuesday releases over the last few months have included several faulty patches which have done more harm than good, with the company having to embarrassingly withdraw their release and re-issue them with patches of their own at future dates.

4 Comments

Discuss in the forums Reply
dr-strangelove 9th September 2013, 21:32 Quote
Quote:
Originally Posted by The Article
...the third bulletin fixes a critical-rated remote code execution vulnerability in all Internet Explorer versions which, thanks to its heavy integration in the operating system itself, may even affect those who use an alternative browser.

I'm curious how an IE vulnerability could allow someone to do a remote code execution if IE is uninstalled/disabled?
Gareth Halfacree 9th September 2013, 22:06 Quote
Quote:
Originally Posted by dr-strangelove
I'm curious how an IE vulnerability could allow someone to do a remote code execution if IE is uninstalled/disabled?
Because, unfortunately, you can't uninstall IE from Windows - not fully. Large portions of it remain embedded within the OS.
NethLyn 10th September 2013, 15:07 Quote
Just hoping that it's mass demand for the update that's causing only one PC to be updated on the day, it's been patch Wednesday for a few months now.
NethLyn 12th September 2013, 00:09 Quote
I've had the same set of three Office updates install themselves multiple times on different machines, so is Windows update screwed or have I been hacked and it's all the Zombies leeching off my connection that are updating at the same time?
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums