October 25, 2014

Two Critical-level bulletins to be released by Microsoft on Tuesday, IE 8 patch not included

(LiveHacking.Com) – Microsoft is preparing to release seven security bulletins next week; two Critical and five Important. In total they address 12 vulnerabilities in Microsoft Windows, Office, Developer Tools, Microsoft Server Software and the .NET Framework.

There is no news on when Microsoft plans to patch the zero day vulnerability and exploit in Internet Explorer that was discovered during the holidays. Until it is fixed, Microsoft has issued a Fix It. The vulnerability was discovered when FireEye was investigating reports that the Council on Foreign Relations (CFR) website had been compromised. According to Microsoft’s Security Advisory 2794220, the issue impacts Internet Explorer 6, 7, and 8, and there are a small number of targeted attacks happening in the wild.

The first Critical bulletin affects all supported versions of Windows (including Windows 8), Office 2003 & 2007 and some server software. The second is for Windows 7 and Windows Server 2008 R2 only. Both Critical bulletins address vulnerabilities that would enable an attacker to remotely execute code on a vulnerable Windows machine.

Windows 8 RT, the version of Windows that runs on the ARM processor used, among others, on Microsoft’s Surface tablet, is also affected by the first Critical bulletin and at least three of the Important-level ones.

The Important-level bulletins address vulnerabilities that could allow privilege escalations, vulnerabilities that could allow security features to be bypassed or vulnerabilities which could allow attackers to start a denial of service attack.

Microsoft plans to release the bulletins on the second Tuesday of the month, at approximately 10 a.m. PST.
