Microsoft to patch Windows, Office security flaws

With hackers exploiting unpatched vulnerabilities in its Windows and Office software, Microsoft Corp. plans to issue 11 security updates on Tuesday.

Some of the Office and Windows updates will be for critical flaws that could be exploited by attackers with no action on the part of users. Six of the patches will be for Windows, and four of them will be for Office, Microsoft said Thursday in a note on its Web site. That note can be found at this Web site.

The 11th update will be for a flaw in Microsoft’s .Net framework, which is considered less severe than the critical Windows and Office patches.

October 10 also marks the end of the line for Windows XP Service Pack 1, which will no longer be supported by Microsoft as of that date. Microsoft’s advisory on this issue can be found at this Web site.

Though the vast majority of Windows XP users have migrated to Service Pack 2, released two years ago, lately there has been an uptick of interest in Service Pack 2 migration issues on patch management discussion lists, said Susan Bradley, chief technology officer with Tamiyasu, Smith, Horn and Braun, Accountancy Corp. “There are still people out there using Service Pack 1,” she said.

Those who haven’t made the move may be running specialized applications that do not support Service Pack 2 but this kind of legacy software issue is usually less pronounced with client operating systems like Windows XP, said Chris Andrew, vice president of security technologies at PatchLink Corp. “Now pretty much everybody is running Service Pack 2, so I don’t think there’s going to be a significant outcry,” he predicted.

Hackers have been keeping Microsoft’s Security Response Center busy this past month.

Microsoft generally issues its security patches on the second Tuesday of every month, but last week the company was forced to issue a rare, “out-of-cycle” security patch after criminals began exploiting a flaw in Internet Explorer’s VML (Vector Markup Language) rendering engine.

And security experts have also warned of cyberattacks based on unpatched flaws in PowerPoint, Word 2000 and in an ActiveX control (called WebViewFolderIcon) used by the Windows’ graphical user interface software.

The WebViewFolderIcon flaw will be patched Tuesday, Microsoft said. Attacks that take advantage of this flaw have been seen on the Internet, the SANS Internet Storm Center warned earlier this week. The SANS warning can be found at this Web site.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now