Microsoft is planning to release 14 security bulletins next week as part of its Patch Tuesday update, including four critical updates for Internet Explorer, Windows, Outlook and SharePoint.
In addition to the four critical updates are 10 other bulletins ‘Important’ that cover issues in Windows, Microsoft Office and the .NET Framework.
“First reaction to this month’s patch notification is the sheer number of bulletins,” said Ken Pickering, director of engineering, CORE Security. “While most of them are fairly standard, there is a long list of them with which administrators must content.”
Opinions were mixed about how the bulletins organizations should be prioritized, but multiple experts said bulletin 1 is likely the one that should be taken care of first.
“Bulletin #1 is for Sharepoint Server and should be the highest priority on the list for your server administrators, after diligent testing to assure that the patch does not impact any business critical functionality,” noted Qualys CTO Wolfgang Kandek.
The data on a server machine is typically more valuable than data on a workstation machine, and it is fairly easy to discover Sharepoint servers using Google, said Tommy Chin, technical support engineer at CORE Security.
“Attackers can leverage this easy-to-obtain list, and start hammering on Sharepoint servers around the world. Just because the patch potentially doesn’t require a restart doesn’t mean that this vulnerability should not be treated with highest severity,” Chin said.
Bulletin two should also be a high priority for enterprise desktop security teams because it addresses a flaw in Microsoft Office that can be triggered by simply previewing an e-mail in Outlook, even without explicitly opening the e-mail, blogged Kandek.
In addition to the Microsoft updates, Adobe Systems has plans for some updates of its own for Adobe Reader and Acrobat. The vulnerabilities, which have a priority rating of ‘2’, are considered critical and affect both Microsoft Windows and Mac OS X computers.
The updates for both Microsoft and Adobe will be released Sept. 10.
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
- Consolidate Vendors and Products for Better Security
