Microsoft plugs Windows, Office holes

By

Following a record-breaking security update last month, Microsoft is planning just two fixes for its June update, plus a revamped exploitability index.

After a record-breaking patch batch last month, Microsoft on Tuesday plans to release just two security bulletins as part of its May security update to address three vulnerabilities.


One of the fixes is rated “critical,” and the other “important”, according to Microsoft's advanced notification released on Thursday. The critical patch will address one vulnerability in Windows while the important fix will remedy two flaws affecting Office.

Paul Henry, security and forensic analyst at US-based vulnerability management firm Lumension, said that while this month's patch load is much smaller than last, it will still cause a disruption for IT security teams.

“Both [bulletins] provide for remote code execution and may even require a restart,” Henry said.

Microsoft also plans to revamp its exploitability index which provides information about the likelihood that attackers will take advantage of vulnerabilities.

Starting Tuesday, Microsoft plans to release more comprehensive vulnerability assessment information and make its exploitability index “more clear and digestible.

It will begin publishing two exploitability ratings for each vulnerability, one of which will classify the risk it presents to the most recent version of the affected software or platform and another for all older versions. Previously, Microsoft provided one rating for all product versions.

This change will allow those running the latest iterations to more easily determine their risk given the extra security features built into Microsoft's newest products.

The enhanced exploitability rating also will include an assessment of the denial-of-service risk a vulnerability poses.  

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Melbourne dev finds gift card PINs can be brute-forced

Melbourne dev finds gift card PINs can be brute-forced

Department of Health to centralise SecOps model

Department of Health to centralise SecOps model

Zero-click Apple and WhatsApp bug combo used to drop gov spyware

Zero-click Apple and WhatsApp bug combo used to drop gov spyware

Jaguar Land Rover hit by cyber incident

Jaguar Land Rover hit by cyber incident

Log In

  |  Forgot your password?