Eleven fixes for Patch Tuesday

By on
Eleven fixes for Patch Tuesday

Microsoft has issued the October installment of its monthly security update.

The latest 'Patch Tuesday' release includes eleven bulletins which address a total of 20 security vulnerabilties. Four of the bulletins are rated 'critical,' while six more are listed as 'important' and the remaining bulletin categorized and 'moderate.'

Among the critical patches are a fix for a remote code execution flaw in Excel which could an attacker to perform a remote malware installation by way of a speciall-crafted Excel file.

The second critical fix addresses a remote code flaw in Microsoft's Host Integration Server product, while another addresses a problem in the active directory component for Windows Server 2000.

The final critical bulletin is a cumulative update for Internet Explorer which includes remote code execution fixes for IE 5, 6 and 7.

Of the six bulletins rated as 'important,' three addressed remote code execution, including fixes for the Windows Server Message Block and Internet Printing Service, along with a flaw in the Message Queuing component for Windows 2000.

Three more 'important' bulletins fixed privilege-elevation flaws in the Windows Kernel, Virtual Address Descriptor and the Ancillary Function Driver.

The 'moderate' bulletin addresses a vulnerability in Microsoft Office XP SP3 which could be exploited for information disclosure.

According to McAfee security research and communications director David Marcus, the remote code flaws pose the biggest risk to users who do not apply the patch.

"It is the month of remote code execution bugs,” Marcus declared.

"Many of the vulnerabilities addressed by Microsoft's new fixes could allow an attacker to gain complete control over a vulnerable computer by tricking a user to visit a malicious web site or open a rigged Office file.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
bulletins code critical execution fixes remote security

Sponsored Whitepapers

The CISO View 2021 Survey: Zero Trust and Privileged Access
The CISO View 2021 Survey: Zero Trust and Privileged Access
How and why to backup your Office 365 tenant
How and why to backup your Office 365 tenant
ForgeRock for Australia’s Trusted Digital Identity Framework (TDIF)
ForgeRock for Australia’s Trusted Digital Identity Framework (TDIF)
How engineering has been operating in the dark and what to do about it
How engineering has been operating in the dark and what to do about it
The Top Six Digital Transformation Trends Shaping Business and Society
The Top Six Digital Transformation Trends Shaping Business and Society

Events

Most Read Articles

NSW bans police from accessing QR code check-in data

NSW bans police from accessing QR code check-in data
Macquarie Bank shoots for eight technology 'north stars' for 2025

Macquarie Bank shoots for eight technology 'north stars' for 2025
Insurers run from ransomware cover as losses mount

Insurers run from ransomware cover as losses mount
South32 to pursue new IT operating model

South32 to pursue new IT operating model

Digital Nation

Fringe innovation unlocks power of diverse thinking
Fringe innovation unlocks power of diverse thinking
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
Case Study: Keeping CPA's board up to date about cybersecurity risks
Case Study: Keeping CPA's board up to date about cybersecurity risks
Catastrophic governance failures are rooted in organisational culture
Catastrophic governance failures are rooted in organisational culture
COVER STORY: Automation drives marketing success but complexity torments delivery
COVER STORY: Automation drives marketing success but complexity torments delivery

Log In

Email:
Password:
  |  Forgot your password?