Microsoft plans to release eight security bulletins next week as part of its Patch Tuesday release.
According to its Security Bulletin Advance Notification, the company has two ‘critical’ bulletins on tap for next week, affecting Microsoft Server Software, Productivity Software, Windows and Internet Explorer. The remaining six bulletins are classified as ‘important’.
“The busy month comes just one week after the out-of-band patch for IE, MS14-021, released by Microsoft May 1,” said Russ Ernst, director, product management at Lumension. “Interestingly, a critical fix for IE is first on the advance notification list this month too. The bad guys continue to wage war on what remains one of the most popular browsers so, for organizations that rely on it, IT needs to patch monthly, at a minimum.”
SharePoint users will want to pay close attention to the second critical bulletin, which impacts versions 2007, 2010 and 2013 as well as Microsoft Web Apps, he said.
Qualys CTO Wolfgang Kandek blogged that the second bulletin allows for remote code execution and should be high on an organization’s patch list, particularly if any of the affected platforms are exposed to the Internet.
“The remaining bulletins,” Ernst noted, “are rated important and impact a wide range of software categories. Bulletin 3 is a possible remote code execution that hits Office; bulletin 4 is for most versions of Windows. Windows and the .NET framework are covered off in bulletin 5 with an elevation of privilege issue. The sixth and seventh bulletins impact most versions of Windows with elevation of privilege and denial of service issues respectively. The last bulletin addresses a security feature bypass issue in Office.”
In addition to the Microsoft advisory, Adobe Systems stated it plans to release updates for Adobe Reader and Acrobat XI (11.0.06) and earlier for Windows and Macintosh next week. Both the Microsoft and Adobe updates will be released May 13.
Earlier this month, Microsoft released an out-of-band patch to fix a critical Internet Explorer vulnerability that had come under attack.
