Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities

By Robert Westervelt, News Editor 04 Jun 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Microsoft plans to release 10 security bulletins as part of its Patch Tuesday update cycle next week, including critical updates affecting Internet Explorer, Word, Excel and Office.

On Thursday in a June advance notification on Microsoft's TechNet site, the software giant said six of the 10 security bulletins are rated critical.

The Patch Tuesday release will not include a Microsoft security fix addressing a DirectShow vulnerability being actively targeted in the wild. Microsoft said it would release a fix either next month or in an out of band release.

Recent Microsoft updates: May - Microsoft updates Office to address serious PowerPoint vulnerabilities One of the PowerPoint zero-day flaws was being actively targeted by attackers. April - Microsoft patches serious Excel zero-day, Windows flaws Microsoft is patching flaws in Excel and WordPad that are reportedly being actively exploited in the wild and could allow an attacker to gain access to sensitive data. March - Microsoft patches critical Windows kernel flaw: A critical flaw in the Windows graphics rendering component could be exploited by an attacker to gain access to sensitive data and take control of a machine.

"Our security teams are working hard on a security update that addresses this issue to protect customers, but we do not yet have an update that has reached the appropriate level of quality for broad distribution," Christopher Budd, Microsoft security response communications lead said in a statement.

Hackers are targeting a QuickTime handling flaw in DirectShow. The vulnerability enables attackers to create drive-by exploits that target Windows Media Player, which uses DirectShow media-streaming architecture.

Microsoft also plans to release a fix for users of Microsoft Office for Mac, repairing critical PowerPoint flaws patched for other Windows-based versions last month. MS09-017 was the only security bulletin the software giant issued last month. The remote code execution vulnerabilities in Microsoft Office PowerPoint included several memory corruption flaws, legacy file handling errors and an integer overflow error.

Tags: Windows Security: Alerts, Updates and Best Practices,  Security Patch Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Security: Alerts, Updates and Best Practices Microsoft to fix 26 flaws in Windows, Office Microsoft warns that IE zero-day vulnerability causes data leakage Microsoft issues critical security update, blocks IE 6 attacks Microsoft emergency IE update to block latest corporate attacks Latest zero-day attacks only target IE 6, Microsoft says Hackers used IE zero-day in Google, Adobe attacks, McAfee says Microsoft issues advisory on Internet Explorer zero-day Microsoft releases Windows OpenType Font Engine patch Microsoft to patch single Windows 2000 vulnerability IIS configuration error leads to increased threat, Microsoft says Security Patch Management Microsoft gives Internet Explorer a major security overhaul Information security book excerpts and reviews What patch management metrics does Project Quant use? Squad: Tokenization, Phishing and the Feds Should management processes change based on a patch release schedule? Should Windows Mobile updates come from Microsoft? Adobe updates ColdFusion, JRun, Flex Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary BotHunter  (SearchSecurity.com) principle of least privilege (POLP)  (SearchSecurity.com) security identifier  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary