Microsoft readies 10 patches for next week

By

Microsoft next week plans to push out 10 patches, six graded "critical" by the software giant.

Six of the fixes address bugs in Windows and the other four remediate issues in Internet Explorer, Word, Excel and Office, according to an advance notification bulletin issued today.

Microsoft won't say specifically what the patches fix, but there are two zero-day issues -- announced in May -- that are being actively exploited: a privilege-escalation flaw in the Internet Information Services (IIS) web server and a bug in DirectX, used on Windows to enable graphics and sound.

Microsoft said it does not plan to release a patch for the latter flaw.

"Our security teams are working hard on a security update that addresses this issue to protect customers, but we do not yet have an update that has reached the appropriate level of quality for broad distribution," Jerry Bryant of Microsoft said on the company's Security Response Center blog.

But Tas Giakouminakis, CTO of Rapid7, provider of vulnerability management, said a fix may be coming for the IIS issue. If it does, administrators should take it seriously.

"We've seen them [Microsoft] probably, best case, 10 days from zero day to actually getting a patch out," he said. "The fact that you can bypass authentication and access files on a system...it's a critical item."

Microsoft also plans to issue another update for a PowerPoint hole that was patched last month but did not contain fixes for the Mac OS X.

See original article on scmagazineus.com

Microsoft readies 10 patches for next week
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?