Microsoft schedules seven security patches for monthly Patch Tuesday

Share this article:

Microsoft next week expects to release seven patches to cover vulnerabilities across its product line.

According to the software giant's advance notification announced Thursday, four of the bulletins are rated "critical," while three earned "important" designations. They address flaws in Internet Explorer (IE), Windows, Office, Server Software and Silverlight.

The high-priority fix appears to be a cumulative patch that will correct flaws across all supported versions of IE. Attackers can exploit these weaknesses to launch drive-by download attacks against users who unknowingly visit an infected website.

"Microsoft patched IE every month since November 2012, so it shouldn't surprise anyone that they're going to patch it again this month," said Andrew Storms, director of security operations for vulnerability and risk management provider nCircle. "Microsoft is clearly delivering on their commitment to release more frequent IE patches. They're never going to get the IE bug backlog down to zero, but you have to admire their determination to try."

Another of the pressing critical patches addresses vulnerabilities in Silverlight, an application development suite, that "is widely installed at least on end-user workstations to run media applications, for example Netflix," said Wolfgang Kandez, CTO of cloud security company Qualys.

The patches are scheduled to be released about 1 p.m. on Tuesday.

Share this article:

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.