Microsoft prepares seven patches for 20 security issues

Share this article:

Microsoft is prepping seven patches for release as part of next week's monthly security update.

Just one of the seven bulletins is labeled "critical" and  it addresses vulnerabilities in all versions of Word, the software giant announced Thursday. The remaining patches are designated as "important," and fix flaws in Windows, Office and SQL Server.

In total, 20 bugs are scheduled to be patched, some of which are publicly known.

In July, Microsoft warned about 13 vulnerabilities in Exchange and FAST Search Server 2010 for SharePoint. The bugs actually lie in Oracle Outside In, a set of libraries that software developers use to decode hundreds of file formats. That technology ships on Exchange Server 2007 and 2010 and FAST Search Server 2010 for SharePoint.

If exploited, "an attacker [can] take control of the server process that is parsing a specially crafted file," according to Microsoft. "An attacker could then install programs; view, change, or delete data; or take any other action that the server process has access to do."

Tuesday's patch batch also will serve as a final call for users to install an update that requires they employ certificates carrying an RSA key length of at least 1,204 bits.The update initially could be installed manually, but now Microsoft is making it available automatically through Windows Update.

Customers actually are encouraged to run certs with much higher key lengths, even beyond 2,048 bits. This is an additional safeguard that the software giant is releasing as a result of the Flame virus, which spread by spoofing Microsoft certificates.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Beazley: employee errors root of most data breaches, but malware incidents cost ...

Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014.

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple issues seven updates, fixes more than 40 ...

In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.

Canadian telecom co. Telus unveils first transparency report

The company received more than 100,000 government requests for customer data last year.