Microsoft Plans Critical Fixes for Patch Tuesday

Microsoft is prepping fixes for 19 security vulnerabilities for this month’s Patch Tuesday.

The vulnerabilities are stretched out across six bulletins, four of which are rated critical. Those four address 13 bugs affecting Windows, Internet Explorer and the .NET Framework.

“Most organizations will be affected by these critical bulletins as they relate to legacy codebase that is present even in Microsoft’s most recent releases, such as Windows 8 and Windows Server 2012,” said Marcus Carey, a security researcher with Rapid7. “This may come as a surprise to many who expected Windows 8 and Windows Server 2012 to be much more secure than legacy versions. The truth is that Microsoft and other vendors have significant technical debt in their code base which results in security issues.”

The non-critical updates include a bulletin rated ‘Important’ that will address four vulnerabilities in Microsoft Office and a ‘Moderate’ update that will address two issues in Microsoft Windows.

Bulletin 1 is expected to be a critical cumulative update for Internet Explorer 9 addressing three vulnerabilities. While no attacks have yet been observed in the wild, this should be considered the highest priority for Windows 7 and Vista systems.

Bulletin 6 is marked as important and will close a file format bug in Excel. Bulletin 3 will be a moderate update for IIS but will be an issue only on IIS systems set up to provide FTP services.

In addition to the Microsoft patches, there are two other significant software updates IT administrators need to be aware of and should address next week, blogged Qualys CTO Wolfgang Kandek.

“Adobe released a new version of its Flash player that addresses seven vulnerabilities,” he wrote. “Adobe rates them as “critical” and assigns the patch an overall urgency rating of “1”, indicating that patching should be performed within one week. Apple released version 7.7.3 of its Quicktime player for Windows, which addresses nine vulnerabilities. They are all rated critical and should be addressed as quickly as possible.”

“IT administrators may find they don’t have much to be thankful for this Thanksgiving with a disruptive Patch Tuesday headed their way,” said Paul Henry, a security analyst at Lumension.

“We knew that IE9 would have some bugs, but it’s got to be demoralizing for Microsoft to have to patch their newer, more secure browser again so quickly,” said Andrew Storms, director of security operations at nCircle.

Microsoft is also re-releasing two older patches in order to fix timestamp issues with updates from earlier this year.

The Microsoft updates are slated to be released Nov. 13 at approximately 10 a.m. PST.

Additional reporting by Fahmida Rashid
