Microsoft plans to deliver 14 patches as part of its monthly Patch Tuesday security update, including fixes that address troubling remote code execution flaws in its products.
Four of the patches, or Microsoft “bulletins,” will plug critical remote code execution vulnerabilities in the Microsoft Office, Windows and Server software, an advanced notification from the software giant said on Thursday.
Wolfgang Kandek, CTO at vulnerability and compliance management firm Qualys, said in prepared comments that one critical patch, Bulletin #2, should be top of mind because of how easy it is for miscreants to target victims.
“Bulletin #2 should be high priority for your desktop security team; it addresses a flaw in Microsoft Office that can be triggered simply by previewing an email in Outlook, even without explicitly opening the email,” Kandek warned. Users running Outlook 2007 and 2010 can update their software with the patch.
Other fixes deemed “critical,” Microsoft's highest rating, update the company's Sharepoint Server product, Internet Explorer versions 6 to 10, and operating systems Windows XP and Windows Server 2003.
Bulletins ranked “important” also included fixes for remote code execution flaws and vulnerabilities that could allow an attacker to carry out a denial-of-service, or give saboteurs elevated privileges. Another security issue, which could allow users' private data to be disclosed to attackers, will also be plugged with the Patch Tuesday update.