Microsoft to release 14 bulletins patching Office, Windows, IE and .NET
Posted on 06 September 2013.
September's edition of Microsoft's patch Tuesday advance notification has emerged in all its glory. A hefty 14 bulletins are in the offing, split equally between the MS Office family and Windows OS patches, with a sprinkling of Internet Explorer (IE) and .NET thrown in for flavor.

There are five advisories labeled as critical, Microsoft's highest rating. All of these are going to be important, subjective to the deployment of various versions of Windows in your environment. One of these is going to be the monthly IE update, which is always important for those who have not yet switched to a better browser. All versions of IE require this update.

Of the other four critical bulletins, aside from the IE one, bulletins four and five jump out as particularly concerning, especially four, which applies only to XP and 2003. Interestingly, bulletin five applies to Vista and 2008, but not Windows 7 or later. Either of these could be a wormable issue, though likely not in a default configuration.

If you are running a Microsoft heavy shop and have significantly invested in the back office technology of Sharepoint and all its glorious services, then this month is going to be very busy for you. There are lots of patches to deploy, many of which are high risk. Office vulnerabilities are typically mitigated by the fact that they require a user to interact with something malicious, either through an attachment or a link, in order to be exploited. But with the Office Server (SharePoint) that degree of mitigation may go away and other factors of defense in depth will come into play.


Author: Ross Barrett, Senior Manager, Security Engineering, Rapid7.





Spotlight

Behavioral analysis and information security

Posted on 22 September 2014.  |  In this interview, Kevin Watkins, Chief Architect at Appthority, talks about the benefits of using behavioral analysis in information security and how behavioral analysis can influence the evolution of security technologies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //