
Microsoft Slates Critical Patch Tuesday Updates for Windows, Security Software

Microsoft is planning to release five security bulletins next week for this month’s Patch Tuesday, including two that are rated ‘critical.’


According to the company, the critical bulletins address remote code execution issues in Microsoft Windows and Security Software, while the other bulletins – which are all rated ‘important’ – address various issues in Windows and the .NET Framework.

“Microsoft continues the trend they started last month of keeping Patch Tuesday relatively light,” said Ross Barrett, senior manager of security engineering at Rapid7. 

“The two critical advisories are unusual in that they don’t touch older versions of Windows or Internet Explorer,” he added. “The first patches a remote code execution vulnerability that affects Windows 7 through to Windows 8.1, including 8.1 RT. The second, also a remote code execution, is actually an issue in Forefront Protection for Exchange Server (2010). Given a remote code execution in a perimeter service like Forefront, I’d have to say that this is the highest priority patching issue this month. The second is, not surprisingly, the critical in Windows 7 and later.”

Researchers with CORE Security suggested organizations treat the second bulletin with the highest priority.

“It would be tragic to let the Forefront software protecting your Exchange Server be part of the attack path an attacker uses as the open door,” said Tommy Chin, technical support engineer, CORE Security. “Bulletin 4 seems to be interesting as well. The type of information disclosed by this vulnerability would be interesting to know since it affects all major Windows operating systems.”

The security updates will be released Feb. 11. So far, 2014 has been a quiet year for Microsoft updates. In January, the company issued just four security bulletins, and none of them were classified as ‘critical.’ But IT departments have other security updates to worry about.

“Adobe released an emergency fix this week to patch vulnerabilities in the Flash Player plug-in for IE and other browsers,” noted Russ Ernst, director of product management at Lumension, in a blog post. “These vulnerabilities are under active attack and given the widespread use of Flash in browsers, this will create a cascading effect for companies like Firefox, Google and others to also address it.”
