Patch/Configuration Management, Vulnerability Management

ActiveX fix, eight other Microsoft patches to land Tuesday

Microsoft expects to distribute nine patches on Tuesday as part of its monthly security update, one of which should resolve a recently announced flaw that was being actively exploited.

Eight of the fixes address vulnerabilities in Windows, five of which have been assigned a "critical" rating by the software giant. Three others are deemed "important."

The ninth bulletin, graded critical, addresses a zero-day ActiveX bug affecting Office, Visual Studio, ISA Server and BizTalk Server. The vulnerability, which has been leveraged to conduct in-the-wild attacks, resides in the Spreadsheet ActiveX control in Office Web Components, according to an advisory from July.

As users await the fix, Microsoft has been recommending they set a kill bit to prevent Office Web Components from running in Internet Explorer.

The patches are expected to be dropped about 1 p.m. EST on Tuesday.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.