Microsoft to release 10 bulletins
Posted on 10 May 2013.
It is the week before May's Patch Tuesday, and Microsoft has published its Advance Notification, giving us insight into what to expect next Tuesday.

There will be 10 bulletins this month, covering all versions of Internet Explorer (IE), Microsoft Office and Windows. The fixes for IE include the patch for the current 0-day vulnerability. A total of five bulletins allow for remote code execution (RCE) and should be the focus points for your patching next week.

Bulletin 2 addresses the recent IE 8 0-day, is rated “critical” because it allows RCE, and should be at the top of your list if you are on IE8, which, according to our BrowserCheck statistics, still accounts for about 43 percent of users. Bulletin 1 is also for IE and affects all versions from 6 to 10 on all Windows operating systems from XP to 8, including RT. It includes the patches for the vulnerabilities discovered at the PWN2OWN competition at CanSecWest in March of this year.

The remaining RCE-type vulnerabilities are concentrated on Microsoft Office. The most widely installed is probably Bulletin 7, which is for Word 2003 and Word Viewer. Bulletin 6 covers the Microsoft Publisher included in Office 2003, 2007 and 2010, and Bulletin 5 is for Microsoft’s instant messaging modules - Communicator 2007 and Lync 2010.

There are also three bulletins (3, 4 and 10) for Windows itself that address Denial of Service, Spoofing and Elevation of Privilege vulnerabilities, all of them local and rated “important.”

Outside of Microsoft, we will also see patches from Adobe. They will release a new version of Adobe Reader next Tuesday and are also working on a patch for a new 0-day vulnerability in ColdFusion, which is also expected to be released next Tuesday. If you run ColdFusion, which has come under some scrutiny lately from attackers, take a look at the advisory detailed in APSA13-03.


Author: Wolfgang Kandek, CTO, Qualys.





COPYRIGHT 1998-2014 BY HELP NET SECURITY.