June 14, 2021

Microsoft to patch five critical security flaws in time for the holidays

(LiveHacking.Com) –  Microsoft has published its advance notification for the security vulnerabilities it will fix in December’s patch Tuesday. This month it will release seven security bulletins, five of which are rated as Critical and two as Important. In total these bulletins will address 11 vulnerabilities. The five Critical bulletins will fix security vulnerabilities in Microsoft Windows, Word, Windows Server and Internet Explorer. While the two Important-rated bulletins will resolve issues in Microsoft Windows.

Six of the seven bulletins address vulnerabilities that could allow an attacker to execute arbitrary code on the affected PC. While the other bulletin addresses a “Security Feature Bypass.” When Microsoft talk about a Critical rated vulnerabilities it means a flaw which can be exploited and allow arbitrary code execution without any user interaction. These vulnerabilities can allow self-propagating malware to spread. These types of vulnerabilities are normally exploited without warnings or prompts and can be triggered by browsing to a web page or opening email.

Windows XP is affected by all but one of the Windows related bulletins, as its Windows Server 2003.  Windows Vista, Windows 7 and Windows Server 2008 are likewise affected by four of the five fixes for Windows. For each of the previously mentioned operating systems  bulletin seven (which is rated as Important)  doesn’t apply. However bulletin seven does affect Windows Server 2008 R2 and Windows Server 2012.

Windows 8, Microsoft’s latest operating system which was released in October, is affected by two of the Critical bulletins and just one of Important ones.

Microsoft Office 2003, 2007 and 2010 are all affected by the Critical rated bulletin number three as is Microsoft SharePoint Server 2010 and Microsoft Office Web Apps 2010. Bulletin four deals with Critical issues in Microsoft Exchange Server 2007 and 2010.

“While it may be the most wonderful time of the year, we know it can also be the busiest time of the year,” wrote Dustin Childs from Microsoft. “We recommend that customers pause from searching for those hot new gadgets and review the ANS summary page for more information. Please prepare for bulletin testing and deployment as soon as possible to help ensure a smooth update process.”

Microsoft has scheduled the bulletin release for the second Tuesday of the month, at approximately 10 a.m. PST.