Microsoft prepares seven patches for 20 security issues

Share this article:

Microsoft is prepping seven patches for release as part of next week's monthly security update.

Just one of the seven bulletins is labeled "critical" and  it addresses vulnerabilities in all versions of Word, the software giant announced Thursday. The remaining patches are designated as "important," and fix flaws in Windows, Office and SQL Server.

In total, 20 bugs are scheduled to be patched, some of which are publicly known.

In July, Microsoft warned about 13 vulnerabilities in Exchange and FAST Search Server 2010 for SharePoint. The bugs actually lie in Oracle Outside In, a set of libraries that software developers use to decode hundreds of file formats. That technology ships on Exchange Server 2007 and 2010 and FAST Search Server 2010 for SharePoint.

If exploited, "an attacker [can] take control of the server process that is parsing a specially crafted file," according to Microsoft. "An attacker could then install programs; view, change, or delete data; or take any other action that the server process has access to do."

Tuesday's patch batch also will serve as a final call for users to install an update that requires they employ certificates carrying an RSA key length of at least 1,204 bits.The update initially could be installed manually, but now Microsoft is making it available automatically through Windows Update.

Customers actually are encouraged to run certs with much higher key lengths, even beyond 2,048 bits. This is an additional safeguard that the software giant is releasing as a result of the Flame virus, which spread by spoofing Microsoft certificates.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Skills in demand: Communications and messaging experts

Skills in demand: Communications and messaging experts

The demand for infosec-focused communications and messaging pros is growing.

Company news: New execs at Malwarebytes and an acquisition by VMware

The latest mergers and acquisitions and personnel moves, including Malwarebytes, Abacus Group, VMware, Bay Dynamics, vArmour, Secunia, Norse and more.

Bridging the talent gap in health care

Bridging the talent gap in health care

Cybercriminals are primarily after patient data as it really gets them more money.