Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities

By Robert Westervelt, News Editor 04 Jun 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Microsoft plans to release 10 security bulletins as part of its Patch Tuesday update cycle next week, including critical updates affecting Internet Explorer, Word, Excel and Office.

On Thursday in a June advance notification on Microsoft's TechNet site, the software giant said six of the 10 security bulletins are rated critical.

The Patch Tuesday release will not include a Microsoft security fix addressing a DirectShow vulnerability being actively targeted in the wild. Microsoft said it would release a fix either next month or in an out of band release.

Recent Microsoft updates: May - Microsoft updates Office to address serious PowerPoint vulnerabilities One of the PowerPoint zero-day flaws was being actively targeted by attackers. April - Microsoft patches serious Excel zero-day, Windows flaws Microsoft is patching flaws in Excel and WordPad that are reportedly being actively exploited in the wild and could allow an attacker to gain access to sensitive data. March - Microsoft patches critical Windows kernel flaw: A critical flaw in the Windows graphics rendering component could be exploited by an attacker to gain access to sensitive data and take control of a machine.

"Our security teams are working hard on a security update that addresses this issue to protect customers, but we do not yet have an update that has reached the appropriate level of quality for broad distribution," Christopher Budd, Microsoft security response communications lead said in a statement.

Hackers are targeting a QuickTime handling flaw in DirectShow. The vulnerability enables attackers to create drive-by exploits that target Windows Media Player, which uses DirectShow media-streaming architecture.

Microsoft also plans to release a fix for users of Microsoft Office for Mac, repairing critical PowerPoint flaws patched for other Windows-based versions last month. MS09-017 was the only security bulletin the software giant issued last month. The remote code execution vulnerabilities in Microsoft Office PowerPoint included several memory corruption flaws, legacy file handling errors and an integer overflow error.

Tags: Windows Security: Alerts, Updates and Best Practices,  Security Patch Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Security: Alerts, Updates and Best Practices Exploit code targets Internet Explorer zero-day display flaw Windows 7 DoS flaw allows hackers to freeze Microsoft's newest OS Microsoft patches serious Windows kernel flaws Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Microsoft issues SMB vulnerability advisory, patch pending Security Patch Management What patch management metrics does Project Quant use? Squad: Tokenization, Phishing and the Feds Should management processes change based on a patch release schedule? Should Windows Mobile updates come from Microsoft? Adobe updates ColdFusion, JRun, Flex Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching Microsoft to issue security report card, new tool at Black Hat How to manage patches for Adobe

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary BotHunter  (SearchSecurity.com) principle of least privilege (POLP)  (SearchSecurity.com) security identifier  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary