SecurityWeek

Microsoft to Plug 21 Security Vulnerabilities for Patch Tuesday

Microsoft is prepping nine security bulletins to patch 21 vulnerabilities next week as part of Patch Tuesday.

This month’s update features fixes for Microsoft Windows, Office, Internet Explorer and .NET/Silverlight. Four of the bulletins are rated ‘Critical.’ In particular, these bulletins affect Windows, the .NET Framework, Silverlight and Internet Explorer. The remaining bulletins are all rated ‘Important.’

“It’s surprising that this month’s patch affects almost every Windows operating system — each OS is affected by five of the eight applicable bulletins,” noted Andrew Storms, director of security operations at nCircle. “That’s kind of weird because newer OS versions are generally more secure. It’s even more surprising that Windows Server 2008 R2 is affected by the greatest number of bulletins. Generally, we see fewer bugs on server side operating systems, and this is doubly true for Server 2008 since so many of its newer mitigations and default settings protect the OS even when bugs are found.”

Marcus Carey, security researcher at Rapid7, said the first bulletin is a core operating system vulnerability that affects all modern deployed workstations and servers, and noted the fourth bulletin is the third critical update during the last few months that patches .NET and Silverlight.

“Media players and browser plug-ins are very popular attack vectors these days as browsers are effectively taking the role of operating systems for users and so anything that can exploit the browser directly or indirectly will receive attention with exploit development and research,” he said. “This Patch Tuesday will certainly affect all organizations and home users. Since many of these require restart, organizations should test, patch and plan for downtime while their services are restored.”

Microsoft is scheduled to release the updates Feb. 14 at 10 a.m. PST.
