Microsoft to issue two critical bulletins, SharePoint to remain vulnerable

Microsoft said it would issue two bulletins next week, fixing critical vulnerabilities affecting Windows and Office. A SharePoint server zero-day will remain open.

Microsoft plans to issue two critical bulletins next week, as part of its monthly patch cycle, repairing vulnerabilities affecting Windows and Office.

The software giant issued its advance notification, Thursday, and advised customers that the bulletins would not address a serious zero-day vulnerability affecting its SharePoint content management server.

"Windows 7 and Windows Server 2008 R2 customers will be offered the Windows related update but they are not vulnerable in their default configurations," wrote Jerry Bryant, Microsoft's group manager of response communications, in the Microsoft Security Response Center blog.

Microsoft updates:
Apr. - Microsoft fixes critical drive-by media handling flaws An error in Windows Media Player and flaw in the way Windows handles streaming audio could be exploited by attackers if a user visits a website hosting malicious content.

Mar. - Microsoft repairs Excel flaws, warns of new IE vulnerability: Two bulletins address eight vulnerabilities in Microsoft Windows and Office. Internet Explorer advisory warns of new zero-day vulnerability being used in targeted attacks. 

Bryant warned users of SharePoint not to expect a bulletin addressing the SharePoint zero-day vulnerability in which proof-of-concept code is publicly available. Engineering teams are still working on a patch to repair the vulnerability, he said.

Microsoft issued an advisory last week warning of a cross-site scripting (XSS) vulnerability affecting SharePoint Server 2007 and SharePoint Services 3.0. The vulnerability can be exploited in a browser-based attack and enable an attacker to execute JavaScript code within the vulnerable application.

Last month Microsoft issued 11 bulletins, five critical, repairing 25 vulnerabilities across its product line. In addition to several media handling vulnerabilities, Microsoft fixed a serious Windows Authenticode Verification flaw. Windows Authenticode Verification is a digital signature format used to verify the origin and integrity of software when it is installed on a machine.

Dig deeper on Windows Security: Alerts, Updates and Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close