Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft Preps Critical IE, Windows Patches

Microsoft is readying nine security bulletins for release next week as part of Patch Tuesday.

According to their pre-patch advisory notice, three of the bulletins are rated ‘critical’. Five of the remaining bulletins are considered ‘important’, while the final bulletin is classified as ‘moderate.’

Microsoft is readying nine security bulletins for release next week as part of Patch Tuesday.

According to their pre-patch advisory notice, three of the bulletins are rated ‘critical’. Five of the remaining bulletins are considered ‘important’, while the final bulletin is classified as ‘moderate.’

All three of the critical updates address remote code execution issues. According to Microsoft, the updates cover flaws in Internet Explorer, Windows and the .NET Framework. These updates will be the top patching priorities, with the Internet Explorer bulletin likely being at the biggest risk of exploitation, said Ross Barrett, senior manager of security engineering at Rapid7.

Behind the three critical bulletins, there are four issues marked as Important that enable either remote code execution or elevation of privilege, he said, adding that most Windows versions are affected and in one case so are Office and SharePoint. 

“These will be the second patching priority,” he said.

There is also a bulletin related ‘important’ that affects Microsoft Developer Tools and has to do with a security feature bypass.

Rounding out the group is a ‘Moderate’ elevation of privilege issue affecting Windows and Office that seems to be related to the Office Japanese language input extensions and does not apply to Windows 8 or later, Barrett noted.

“Next week’s patch load will include the typical – another critical update for IE and a wide variety of software products will be impacted this month,” blogged Russ Ernst, director of product management, Lumension. “Vulnerabilities discovered in most versions of Windows Server, Win 7 and 8 and the .NET framework make up this month’s 3 critical bulletins.”

Written By

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.