Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities

Article

Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities

Robert Westervelt, News Editor
SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Microsoft plans to release 10 security bulletins as part of its Patch Tuesday update cycle next week, including critical updates affecting Internet Explorer, Word, Excel and Office.

On Thursday in a June advance notification on Microsoft's TechNet site, the software giant said six of the 10 security bulletins are rated critical.

The Patch Tuesday release will not include a Microsoft security fix addressing a DirectShow vulnerability being actively targeted in the wild. Microsoft said it would release a fix either next month or in an out of band release.

Recent Microsoft updates:
May - Microsoft updates Office to address serious PowerPoint vulnerabilities One of the PowerPoint zero-day flaws was being actively targeted by attackers.

April - Microsoft patches serious Excel zero-day, Windows flaws Microsoft is patching flaws in Excel and WordPad that are reportedly being actively exploited in the wild and could allow an attacker to gain access to sensitive data.

March - Microsoft patches critical Windows kernel flaw: A critical flaw in the Windows graphics rendering component could be exploited by an attacker to gain access to sensitive data and take control of a machine.

"Our security teams are working hard on a security update that addresses this issue to protect customers, but we do not yet have an update that has reached the appropriate level of quality for broad distribution," Christopher Budd, Microsoft security response communications lead said in a statement.

Hackers are targeting a QuickTime handling flaw in DirectShow. The vulnerability enables attackers to create drive-by exploits that target Windows Media Player, which uses DirectShow media-streaming architecture.

Microsoft also plans to release a fix for users of Microsoft Office for Mac, repairing critical PowerPoint flaws patched for other Windows-based versions last month. MS09-017 was the only security bulletin the software giant issued last month. The remote code execution vulnerabilities in Microsoft Office PowerPoint included several memory corruption flaws, legacy file handling errors and an integer overflow error.


Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top