Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft Plans Few Security Fixes for September’s Patch Tuesday

Microsoft has a relatively light Patch Tuesday planned for next week with no critical patches.

According to the company’s pre-patch advisory, Microsoft plans to release five security updates rated ‘Important.’ The bulletins cover issues in Windows, Microsoft Office and Microsoft Server Software such as SharePoint Server and Office Groove Data Bridge Server.

Microsoft has a relatively light Patch Tuesday planned for next week with no critical patches.

According to the company’s pre-patch advisory, Microsoft plans to release five security updates rated ‘Important.’ The bulletins cover issues in Windows, Microsoft Office and Microsoft Server Software such as SharePoint Server and Office Groove Data Bridge Server.

Patch Tuesday September 2011Of the five bulletins, three address issues that could be exploited to remotely execute code. The other two can be used to escalate privileges.

“It’s easy for organizations to gain a false sense of security during a light patch month and sometimes an attitude of complacency towards non-critical vulnerabilities is evident, but while there are no “critical” bulletins this month, organizations should not downplay the vulnerabilities being addressed,” opined Marcus Carey, security researcher from Rapid7. “I know of organizations that have 30 day patch requirements for “critical” – which is too long in my opinion – and up to three months to patch “important” and below.”

Vulnerability Resource: Vulnerability Management Buyer’s Checklist: Key Questions to Ask

But it’s not just Microsoft that has patches planned. Adobe has some fixes of its own on the way. The company did not say much about what issues would be addressed, but that the updates would be for Adobe Reader and Acrobat versions X (10.1) and earlier for Windows and Macintosh.

Both sets of patches are slated to be available Tuesday, Sept. 13.

Related Resource: The Top 10 Reports for Managing Vulnerabilities

Written By

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.