Critical fixes coming for Windows, Office and IE; may finally patch 8-month-old flaw
(Computerworld) Microsoft Corp. will deliver eight security updates next week, six of them marked "critical," to plug holes in Windows, Internet Explorer, Office and other products.
Two of the eight updates will patch Windows, another two are aimed at Office, while the remaining four target Internet Explorer (IE), SharePoint, Windows Media Player, and Visual Basic and Visual Studio, Microsoft said today in its monthly advance warning of what to expect next Tuesday.
One of the two updates slated for Windows may be a fix, finally, for an eight-month-old vulnerability that Microsoft first acknowledged in April, and which has been exploited by hackers since mid-October, said Andrew Storms, director of security operations at nCircle Network Security Inc.
"The bulletin Microsoft marked 'Windows 1' looks like the issue in the 951306 advisory," said Storms, referring to the April warning of a rights elevation bug in all versions of Windows. Several weeks before that, Cesar Cerrudo, a researcher and security consultant, said he would disclose a Windows flaw at an upcoming conference; at the time, Microsoft had downplayed the issue, dubbing the problem a "design flaw," not a security bug.
More: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9122521&source=NLT_PM&nlid=8
(Computerworld) Microsoft Corp. will deliver eight security updates next week, six of them marked "critical," to plug holes in Windows, Internet Explorer, Office and other products.
Two of the eight updates will patch Windows, another two are aimed at Office, while the remaining four target Internet Explorer (IE), SharePoint, Windows Media Player, and Visual Basic and Visual Studio, Microsoft said today in its monthly advance warning of what to expect next Tuesday.
One of the two updates slated for Windows may be a fix, finally, for an eight-month-old vulnerability that Microsoft first acknowledged in April, and which has been exploited by hackers since mid-October, said Andrew Storms, director of security operations at nCircle Network Security Inc.
"The bulletin Microsoft marked 'Windows 1' looks like the issue in the 951306 advisory," said Storms, referring to the April warning of a rights elevation bug in all versions of Windows. Several weeks before that, Cesar Cerrudo, a researcher and security consultant, said he would disclose a Windows flaw at an upcoming conference; at the time, Microsoft had downplayed the issue, dubbing the problem a "design flaw," not a security bug.
More: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9122521&source=NLT_PM&nlid=8
