Microsoft is planning to release five security bulletins next week for this month’s Patch Tuesday, including two that are rated ‘critical.’
According to the company, the critical bulletins address remote code execution issues in Microsoft Windows and Security Software, while the other bulletins – which are all rated ‘important’ – address various issues in Windows and the .NET Framework.
“Microsoft continues the trend they started last month of keeping Patch Tuesday relatively light,” said Ross Barrett, senior manager of security engineering at Rapid7.
“The two critical advisories are unusual in that they don’t touch older versions of Windows or Internet Explorer,” he added. “The first patches a remote code execution vulnerability that affects Windows 7 through to Windows 8.1, including 8.1 RT. The second, also a remote code execution, is actually an issue in Forefront Protection for Exchange Server (2010). Given a remote code execution in a perimeter service like Forefront, I’d have to say that this is the highest priority patching issue this month. The second is, not surprisingly, the critical in Windows 7 and later.”
Researchers with CORE Security suggested organizations treat the second bulletin with the highest priority.
“It would be tragic to let the Forefront software protecting your Exchange Server be part of the attack path an attacker uses as the open door,” said Tommy Chin, technical support engineer, CORE Security. “Bulletin 4 seems to be interesting as well. The type of information disclosed by this vulnerability would be interesting to know since it affects all major Windows operating systems.”
The security updates will be released Feb. 11. So far, 2014 has been a quiet year for Microsoft updates. In January, the company issued just four security bulletins, and none of them were classified as ‘critical.’ But IT departments have other security updates to worry about.
“Adobe released an emergency fix this week to patch vulnerabilities in the Flash Player plug-in for IE and other browsers,” noted Russ Ernst, director of product management at Lumension, in a blog post. “These vulnerabilities are under active attack and given the widespread use of Flash in browsers, this will create a cascading effect for companies like Firefox, Google and others to also address it.”
