Six of the fixes address bugs in Windows and the other four remediate issues in Internet Explorer, Word, Excel and Office, according to an advance notification bulletin issued today.
Microsoft won't say specifically what the patches fix, but there are two zero-day issues -- announced in May -- that are being actively exploited: a privilege-escalation flaw in the Internet Information Services (IIS) web server and a bug in DirectX, used on Windows to enable graphics and sound.
Microsoft said it does not plan to release a patch for the latter flaw.
"Our security teams are working hard on a security update that addresses this issue to protect customers, but we do not yet have an update that has reached the appropriate level of quality for broad distribution," Jerry Bryant of Microsoft said on the company's Security Response Center blog.
But Tas Giakouminakis, CTO of Rapid7, provider of vulnerability management, said a fix may be coming for the IIS issue. If it does, administrators should take it seriously.
"We've seen them [Microsoft] probably, best case, 10 days from zero day to actually getting a patch out," he said. "The fact that you can bypass authentication and access files on a system...it's a critical item."
Microsoft also plans to issue another update for a PowerPoint hole that was patched last month but did not contain fixes for the Mac OS X.
See original article on scmagazineus.com
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
