Microsoft prepares seven patches for 20 security issues


Microsoft is prepping seven patches for release as part of next week's monthly security update.

Just one of the seven bulletins is labeled "critical" and it addresses vulnerabilities in all versions of Word, the software giant announced Thursday. The remaining patches are designated as "important," and fix flaws in Windows, Office and SQL Server.

In total, 20 bugs are scheduled to be patched, some of which are publicly known.

In July, Microsoft warned about 13 vulnerabilities in Exchange and FAST Search Server 2010 for SharePoint. The bugs actually lie in Oracle Outside In, a set of libraries that software developers use to decode hundreds of file formats. That technology ships on Exchange Server 2007 and 2010 and FAST Search Server 2010 for SharePoint.

If exploited, "an attacker [can] take control of the server process that is parsing a specially crafted file," according to Microsoft. "An attacker could then install programs; view, change, or delete data; or take any other action that the server process has access to do."

Tuesday's patch batch also will serve as a final call for users to install an update that requires them to use certificates carrying an RSA key length of at least 1,204 bits. The update initially could be installed manually, but now Microsoft is making it available automatically through Windows Update.

Customers actually are encouraged to run certs with much higher key lengths, even beyond 2,048 bits. This is an additional safeguard that the software giant is releasing as a result of the Flame virus, which spread by spoofing Microsoft certificates.
