Microsoft addresses 20 holes on Patch Tuesday

Critical vulnerabilities found in Word.

Microsoft is preparing to release seven patches as part of next week's monthly security update.

Just one of the seven bulletins is labeled "critical", addressing vulnerabilities in all versions of its Word software, the software giant announced Thursday.

The remaining patches are designated as "important", and fix flaws in Windows, Office and SQL Server.

In total, 20 bugs are scheduled to be patched, some of which are publicly known.

In July, Microsoft warned about 13 vulnerabilities in Exchange and FAST Search Server 2010 for SharePoint. The bugs actually lie in Oracle Outside In, a set of libraries that software developers use to decode hundreds of file formats.

That technology ships on Exchange Server 2007 and 2010 and FAST Search Server 2010 for SharePoint.

If exploited, "an attacker [can] take control of the server process that is parsing a specially crafted file," according to Microsoft.

"An attacker could then install programs; view, change, or delete data; or take any other action that the server process has access to do."

Tuesday's patch batch will also serve as a final call for users to install an update that requires certificates to carry an RSA key length of at least 1204 bits.

The update could initially be installed manually, but Microsoft is now making it available automatically through Windows Update.

Customers are encouraged to run certificates with key lengths much higher than the minimum. The update is an additional safeguard the software giant is releasing as a result of the Flame virus, which spread by spoofing Microsoft certificates.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition