Three "critical" patches to be in Microsoft security update

Microsoft plans to release 14 patches next week to fix 20 vulnerabilities across its product line, the company announced Thursday.

Tuesday's monthly security update, to be released around 1 p.m. EST, will come with three "critical" and 11 "important" bulletins to plug holes in Windows, Office, Internet Explorer, Publisher and Windows Media Player. Most of the vulnerabilities, if exploited, can lead to remote code execution.

It is unclear if the update will include remediation for an unpatched Windows Kernel vulnerability, disclosed just prior to the November patches, which aids in the spread of the Duqu trojan.

In addition to describing the planned fixes, Angela Gunn, a senior response communications manager for Microsoft Trustworthy Computing, announced in a Thursday blog post that there is now "greater transparency" around the Microsoft Active Protections Program (MAPP).

Under the program, which launched in 2008, Microsoft shares vulnerability details with approved software security providers prior to the monthly fixes being released. This allows security firms to immediately protect their customers once the patches are delivered.

In an effort to achieve more openness, Microsoft decided to tweak the system so that it will list which partners have provided protection within four days of the release of a security advisory, which warns of a particular vulnerability. The most recent advisory was released Nov. 3 for the Duqu issue.

"Naturally, not every advisory applies to every partner, so we do not expect them all to report protections in place for every individual advisory," Gunn wrote.
