Microsoft to repair 25 flaws in Windows, Office and Exchange

Eleven bulletins, five critical, will be issued by Microsoft next week.

Microsoft plans to release 11 security bulletins April 13, repairing 25 vulnerabilities in Windows, Microsoft Office and Exchange.

In its patch Advance Notification Service, Microsoft said five of the bulletins are rated critical. The 25 vulnerabilities affect all versions of Windows, including the latest version, Windows 7.

Jerry Bryant, senior security communications manager for the Microsoft Security Response Center, said the software giant will address two publicly known issues. A VBScript issue with Internet Explorer will be repaired. An advisory on the issue was issued March 1. The flaw could allow an attacker to run arbitrary code by tricking a user to browse to a malicious Web page and press the F1 key to access Windows Help files in Internet Explorer.

A denial of service vulnerability in the Server Message Block (SMB) protocol will also be addressed, Bryant said.

Microsoft issued an emergency bulletin March 30, repairing a zero-day vulnerability in Internet Explorer and nine other IE fixes. The zero-day vulnerability affected IE 6 and 7 and was being publicly targeted in the wild. The other fixes rolled into the bulletin address remote code execution and information disclosure flaws. Most were critical, including three Internet Explorer 8 vulnerabilities.

~Robert Westervelt

Dig deeper on Windows Security: Alerts, Updates and Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close