Microsoft slates six fixes for decade's final Patch Tuesday

By on
Microsoft slates six fixes for decade's final Patch Tuesday

Includes a fix for zero-day vulnerability in Internet Explorer.

Microsoft will push out six patches next week to address 12 vulnerabilities as part of its monthly security update, the company announced.

The fixes — three are rated "critical", the rest are labeled "important" — will address bugs in Windows, Internet Explorer (IE) and Microsoft Office, according to an advance notification.

The update plans to address at least one known zero-day vulnerability, an issue impacting IE versions 6 and 7. Microsoft confirmed the flaw, rated critical on all Windows platforms except Server 2008, in an advisory released late last month.

"We know that customers are concerned about this issue, and we are also aware that proof-of-concept code is available publicly," Jerry Bryant, a senior security program manager at Microsoft, wrote in a blog post.

Experts at Rapid7, a vulnerability management firm, said organisations should make this patch a priority.

The other critical bulletins set to be released impact Windows and Microsoft Project, a project management software program for Office.

Apparently not slated for repair is a zero-day vulnerability in the Server Message Block (SMB) protocol, according to an advisory released last month. The company said successful exploitation of the flaw, which affects Windows 7 and Server 2008 Release 2, can lead to a denial-of-service that results in a system crash — but not the injection of malicious code. Exploit code has been published, but Microsoft is not aware of any active attacks underway.

See original article on

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition

Most Read Articles

Log In

  |  Forgot your password?