SecurityWeek

Microsoft Slates Critical Patch Tuesday Updates for Windows, Security Software

Microsoft is planning to release five security bulletins next week for this month’s Patch Tuesday, including two that are rated ‘critical.’

According to the company, the critical bulletins address remote code execution issues in Microsoft Windows and Security Software, while the other bulletins – which are all rated ‘important’ – address various issues in Windows and the .NET Framework.

“Microsoft continues the trend they started last month of keeping Patch Tuesday relatively light,” said Ross Barrett, senior manager of security engineering at Rapid7. 

“The two critical advisories are unusual in that they don’t touch older versions of Windows or Internet Explorer,” he added. “The first patches a remote code execution vulnerability that affects Windows 7 through to Windows 8.1, including 8.1 RT. The second, also a remote code execution, is actually an issue in Forefront Protection for Exchange Server (2010). Given a remote code execution in a perimeter service like Forefront, I’d have to say that this is the highest priority patching issue this month. The second is, not surprisingly, the critical in Windows 7 and later.”

Researchers with CORE Security suggested organizations treat the second bulletin with the highest priority.

“It would be tragic to let the Forefront software protecting your Exchange Server be part of the attack path an attacker uses as the open door,” said Tommy Chin, technical support engineer, CORE Security. “Bulletin 4 seems to be interesting as well. The type of information disclosed by this vulnerability would be interesting to know since it affects all major Windows operating systems.”

The security updates will be released Feb. 11. So far, 2014 has been a quiet year for Microsoft updates. In January, the company issued just four security bulletins, and none of them were classified as ‘critical.’ But IT departments have other security updates to worry about.

“Adobe released an emergency fix this week to patch vulnerabilities in the Flash Player plug-in for IE and other browsers,” noted Russ Ernst, director of product management at Lumension, in a blog post. “These vulnerabilities are under active attack and given the widespread use of Flash in browsers, this will create a cascading effect for companies like Firefox, Google and others to also address it.”
