Microsoft prepares seven patches for 20 security issues

Share this article:

Microsoft is prepping seven patches for release as part of next week's monthly security update.

Just one of the seven bulletins is labeled "critical" and  it addresses vulnerabilities in all versions of Word, the software giant announced Thursday. The remaining patches are designated as "important," and fix flaws in Windows, Office and SQL Server.

In total, 20 bugs are scheduled to be patched, some of which are publicly known.

In July, Microsoft warned about 13 vulnerabilities in Exchange and FAST Search Server 2010 for SharePoint. The bugs actually lie in Oracle Outside In, a set of libraries that software developers use to decode hundreds of file formats. That technology ships on Exchange Server 2007 and 2010 and FAST Search Server 2010 for SharePoint.

If exploited, "an attacker [can] take control of the server process that is parsing a specially crafted file," according to Microsoft. "An attacker could then install programs; view, change, or delete data; or take any other action that the server process has access to do."

Tuesday's patch batch also will serve as a final call for users to install an update that requires they employ certificates carrying an RSA key length of at least 1,204 bits.The update initially could be installed manually, but now Microsoft is making it available automatically through Windows Update.

Customers actually are encouraged to run certs with much higher key lengths, even beyond 2,048 bits. This is an additional safeguard that the software giant is releasing as a result of the Flame virus, which spread by spoofing Microsoft certificates.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, ...

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.

PCI publishes guidance on security awareness programs

PCI publishes guidance on security awareness programs

The guidance, developed by a PCI Special Interest Group, will help merchants educate staff on protecting cardholder data.