Microsoft Plans Critical Fixes for Patch Tuesday

Microsoft is prepping fixes for 19 security vulnerabilities for this month’s Patch Tuesday.

The vulnerabilities are stretched out across six bulletins, four of which are rated critical. Those four address 13 bugs affecting Windows, Internet Explorer and the .NET Framework.

“Most organizations will be affected by these critical bulletins as they relate to legacy codebase that is present even in Microsoft’s most recent releases, such as Windows 8 and Windows Server 2012,” said Marcus Carey, a security researcher with Rapid7. “This may come as a surprise to many who expected Windows 8 and Windows Server 2012 to be much more secure than legacy versions. The truth is that Microsoft and other vendors have significant technical debt in their code base which results in security issues.”

The non-critical updates include a bulletin rated ‘Important’ that will address four vulnerabilities in Microsoft Office and a ‘Moderate’ update that will address two issues in Microsoft Windows.

Bulletin 1 is expected to be a critical cumulative update for Internet Explorer 9 addressing three vulnerabilities. While no attacks have yet been observed in the wild, this should be considered the highest priority for Windows 7 and Vista systems.

Bulletin 6 is marked as important and will close a file format bug in Excel. Bulletin 3 will be a moderate update for IIS but will be an issue only on IIS systems set up to provide FTP services.

In addition to the Microsoft patches, there are two other significant software updates IT administrators need to be aware of and should address next week, blogged Qualys CTO Wolfgang Kandek.

“Adobe released a new version of its Flash player that addresses seven vulnerabilities,” he wrote. “Adobe rates them as ‘critical’ and assigns the patch an overall urgency rating of ‘1’, indicating that patching should be performed within one week. Apple released version 7.7.3 of its QuickTime player for Windows, which addresses nine vulnerabilities. They are all rated critical and should be addressed as quickly as possible.”

“IT administrators may find they don’t have much to be thankful for this Thanksgiving with a disruptive Patch Tuesday headed their way,” said Paul Henry, a security analyst at Lumension.

“We knew that IE9 would have some bugs, but it’s got to be demoralizing for Microsoft to have to patch their newer, more secure browser again so quickly,” said Andrew Storms, director of security operations at nCircle.

Microsoft is also re-releasing two older patches in order to fix timestamp issues with updates from earlier this year.

The Microsoft updates are slated to be released Nov. 13 at approximately 10 a.m. PST.

Additional reporting by Fahmida Rashid
