Feeds

Five critical fixes on deck for Patch Tuesday

Updates will address Windows, IE and Office

Top 5 reasons to deploy VMware with Tegile

Microsoft is planning to release at least five critical fixes in next week's Patch Tuesday monthly security update.

The company said that the planned patch release will include fixes for critical remote code execution flaws in versions of Windows, Office, and Internet Explorer, as well as Microsoft Exchange Server.

Among the products which will be impacted by the critical updates are Windows 8 and 8.1, Windows 7, and Windows XP. The Internet Explorer updates will address flaws in versions 6 through 11 of the web browser. Windows Server 2012, 2010, 2008, and 2003 will also see updates, as will the Windows 8 RT tablet build.

Also addressed in the update will be critical flaws for Office 2013, 2010, 2007, and 2003. Microsoft warned that if exploited, the vulnerabilities could allow an attacker to remotely execute code without user notification.

In addition to the five critical security fixes, Redmond is planning to release six bulletins to address less-severe "important" security risks. Those patches will include updates for remote code execution, elevation of privilege and information disclosure flaws, as well as issues that could allow an attacker to bypass security features in Office. The notification does not mention any security updates for OS X versions of Office this month.

For Microsoft Lync, the Patch Tuesday update will bring fixes for important issues in both Lync 2010 and 2013.

The company said that the December edition of Patch Tuesday, the final scheduled security release of the year, will be released on December 10. The company usually posts detailed descriptions of the patched flaws, as well as suggested prioritizing for the updates, when it makes the security bulletins available to users and administrators.

Adobe has also set aside the second Tuesday of the year for its scheduled security updates, though the company has yet to give word on any upcoming patch releases. ®

Beginner's guide to SSL certificates

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.