Connect with us

Hi, what are you looking for?


Malware & Threats

Microsoft Set to Issue 14 Security Updates for Patch Tuesday

Microsoft is planning to release 14 security bulletins next week as part of its Patch Tuesday update, including four critical updates for Internet Explorer, Windows, Outlook and SharePoint.

Microsoft is planning to release 14 security bulletins next week as part of its Patch Tuesday update, including four critical updates for Internet Explorer, Windows, Outlook and SharePoint.

In addition to the four critical updates are 10 other bulletins ‘Important’ that cover issues in Windows, Microsoft Office and the .NET Framework.

“First reaction to this month’s patch notification is the sheer number of bulletins,” said Ken Pickering, director of engineering, CORE Security. “While most of them are fairly standard, there is a long list of them with which administrators must content.”

Opinions were mixed about how the bulletins organizations should be prioritized, but multiple experts said bulletin 1 is likely the one that should be taken care of first.

“Bulletin #1 is for Sharepoint Server and should be the highest priority on the list for your server administrators, after diligent testing to assure that the patch does not impact any business critical functionality,” noted Qualys CTO Wolfgang Kandek.

The data on a server machine is typically more valuable than data on a workstation machine, and it is fairly easy to discover Sharepoint servers using Google, said Tommy Chin, technical support engineer at CORE Security.

 “Attackers can leverage this easy-to-obtain list, and start hammering on Sharepoint servers around the world. Just because the patch potentially doesn’t require a restart doesn’t mean that this vulnerability should not be treated with highest severity,” Chin said.

Advertisement. Scroll to continue reading.

Bulletin two should also be a high priority for enterprise desktop security teams because it addresses a flaw in Microsoft Office that can be triggered by simply previewing an e-mail in Outlook, even without explicitly opening the e-mail, blogged Kandek.

In addition to the Microsoft updates, Adobe Systems has plans for some updates of its own for Adobe Reader and Acrobat. The vulnerabilities, which have a priority rating of ‘2’, are considered critical and affect both Microsoft Windows and Mac OS X computers.

The updates for both Microsoft and Adobe will be released Sept. 10. 

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...