Windows, Visual Studio security fixes set

Microsoft Corp. plans to patch its Windows and Visual Studio products next week, but it does not have a fix in the works for a widely publicized flaw in Word, which hackers are reportedly exploiting in targeted attacks.

The company’s security team is readying five sets of patches for Windows, and will also issue a single critical security update for Visual Studio, Microsoft said in an alert published Thursday.

Microsoft rates the most serious of its Windows updates as “critical,” meaning an attacker could exploit the underlying flaw to run malware on a victim’s PC with no user action, the company said.

These security patches are usually released on the second Tuesday of each month, and the company strives to publish a small number of updates in December, because IT operations are often short-staffed during the holiday season.

On Tuesday, Microsoft warned of a vulnerability in its Word software that had been reportedly used in online attacks. Security researchers rated this flaw critical, because an attacker could exploit it to run malicious software on a victim’s PC. For such an attack to work, however, the victim would first have to be tricked into opening a maliciously encoded Word file.

The Word flaw is not scheduled to be patched next Tuesday, said a spokesman for Microsoft’s public relations firm.

There is, however, one critical Visual Studio flaw that may be addressed in the updates. That bug is in Visual Studio 2005’s WMI Object Broker ActiveX object. It was first reported in late October.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now