Microsoft to release eight bulletins, two critical, on upcoming Patch Tuesday


Two of the eight bulletins scheduled for Microsoft's upcoming Patch Tuesday are deemed critical, but none will address flaws in Windows XP, the still widely used operating system that lost support in April.

Three bulletins address remote code execution vulnerabilities, but only two are deemed critical, meaning the bugs can be exploited to allow for code execution without any user interaction.

One remote code execution bulletin affects Internet Explorer (IE) 6 through IE 11 on all Windows platforms, according to a notification posted on Thursday, and the other affects SharePoint Server 2007, 2010 and 2013.

The third remote code execution bulletin, which is deemed important, affects Microsoft Office 2007, 2010 and 2013. In a statement emailed to SCMagazine.com on Thursday, Wolfgang Kandek, CTO with Qualys, said that the attack vector involves a malicious document that the victim has to open.

“Attackers would use a document, like in a social engineering attack, which aims at convincing the user to open the document, for example, by making it appear as coming from the user's HR department, or promising information about a subject of interest to the user,” Kandek said.

Of the remaining bulletins, all of which are deemed important, three address elevation of privileges in Windows and .NET Framework, one addresses a denial-of-service issue in Windows, and the final one addresses a security feature bypass in Microsoft Office.

Despite dropping support in April, Microsoft included Windows XP in an unscheduled patch, released early this month, to address a critical zero-day remote code execution vulnerability affecting IE 6 through IE 11. The bug was being exploited in a campaign known as Operation Clandestine Fox.

[An earlier version of this story incorrectly referred to the bulletins as individual bugs, vulnerabilities or flaws].
