Microsoft to release eight bulletins, two critical, on upcoming Patch Tuesday


Two of the eight bulletins scheduled for Microsoft's upcoming Patch Tuesday are deemed critical, but none will address flaws in Windows XP, the still widely used operating system that lost support in April.

Three bulletins address remote code execution vulnerabilities, but only two are deemed critical, meaning the bugs can be exploited to allow for code execution without any user interaction.

One remote code execution bulletin affects Internet Explorer (IE) 6 through IE 11 on all Windows platforms, according to a notification posted on Thursday, which explains that the other remote code execution bulletin affects SharePoint Server 2007, 2010 and 2013.

The third remote code execution bulletin, which is deemed important, affects Microsoft Office 2007, 2010 and 2013. In a statement emailed on Thursday, Wolfgang Kandek, CTO with Qualys, said that the attack vector involves a malicious document that the victim has to open.

“Attackers would use a document, like in a social engineering attack, which aims at convincing the user to open the document, for example, by making it appear as coming from the user's HR department, or promising information about a subject of interest to the user,” Kandek said.

Of the remaining bulletins, all of which are deemed important, three address elevation of privileges in Windows and .NET Framework, one addresses a denial-of-service issue in Windows, and the final one addresses a security feature bypass in Microsoft Office.

Despite dropping support in April, Microsoft included Windows XP in an unscheduled patch, released early this month, to address a critical zero-day remote code execution vulnerability affecting IE 6 through IE 11. The bug was being exploited in a campaign known as Operation Clandestine Fox.

[An earlier version of this story incorrectly referred to the bulletins as individual bugs, vulnerabilities or flaws].
