Microsoft to release emergency bulletins for Visual Studio, IE

An update correcting vulnerabilities in Internet Explorer is rated critical.

Microsoft plans to release two out-of-band security bulletins Tuesday to plug security vulnerabilities in Visual Studio and Internet Explorer (IE).

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

In a Microsoft Security Bulletin advance notification, the software giant said application developers should be aware of updates.

"While we can't go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications," wrote Mike Reavey, group manager at the Microsoft Security Response Center in the MSRC blog. "The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin."

The Visual Studio update is rated as moderate. Reavey said the IE update will also address vulnerabilities rated as Critical that are unrelated to the Visual Studio bulletin. The vulnerabilities were privately and responsibly reported, he said.

Recent Microsoft updates:
July - Microsoft repairs critical DirectShow, Video ActiveX vulnerabilities The software giant issued six updates this week as part of its Patch Tuesday updates. Three bulletins were rated critical.

June - Microsoft patches WebDAV security vulnerability in bevy of updates: Zero-day flaws in Microsoft Internet Information Services (IIS) Web server and Internet Explorer were among 31 vulnerabilities repaired Tuesday.

On July 14, Microsoft repaired critical zero-day flaws affecting the video streaming technology in Windows, as part of its monthly Patch Tuesday updates. It left a newly discovered hole in Office Web Components wide open, despite being actively targeted by hackers.

Microsoft repaired a flaw related to its DirectShow video streaming software, identified in May, as well as a recently reported Video Controller ActiveX control flaw. The vulnerabilties were being actively targeted in ongoing attacks.

The Office Web Components allow users to view spreadsheets, charts and databases on the Web. Microsoft said the vulnerability is in the Spreadsheet ActiveX Control, which is used by IE.

Microsoft is hosting two webcasts to address customer questions on the out-of-band bulletins at 1 p.m. and 4 p.m. PT on Tuesday. Registration is required.

Dig deeper on Windows Security: Alerts, Updates and Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close