Microsoft to address flaws in Windows, Office for Mac

By SearchSecurity.com Staff 06 Nov 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Microsoft on Thursday said it plans to release six bulletins next week, including three critical bulletins, addressing flaws in Windows and Microsoft Office products.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The announcement was part of Microsoft's Advance Notification to customers. The security updates will be released Nov. 10 as part of the software maker's monthly Patch Tuesday cycle.

The three critical bulletins could allow remote code execution, Microsoft said. The security updates affect Microsoft Windows 2000, XP, Vista and Windows Server 2008. The updates affecting Microsoft Office components are identified as important and affect Microsoft Excel and Word viewer. The update also affects Microsoft Office 2004 and 2008 for Mac.

Microsoft updates: Microsoft fixes security update that breaks Internet Explorer: An update released Monday corrects two issues that affect the proper display of Web pages. Oct. - Microsoft addresses critical SMBv2 flaw, fixes record number of flaws: Microsoft addressed three critical vulnerabilities in Windows Server Message Block. Thirteen bulletins addressed a record 34 flaws. Sept. - Microsoft repairs Windows media, TCP/IP vulnerabilities: Microsoft released five critical updates fixing a serious flaw in the Windows Media Format Runtime engine and TCP/IP processing errors that could crash Web and mail servers.

Security experts said one of the bulletins, which addresses flaws that could result in a denial-of-service condition, applies to nearly all Windows versions and may be the most serious. HD Moore, chief security officer and chief architect of Metasploit, said the flaw could be to a common API such as a graphics display interface (GDI).

Last month Microsoft issued 13 bulletins, patching a record 34 vulnerabilities across its product line. One of the October bulletins, MS09-054, which addressed four flaws in Internet Explorer, was reissued by Microsoft this week to repair a problem with the patch. The update caused IE to render webpages improperly by miscalculating objects on the page.

Microsoft's October bulletins also contained the first security update for Windows 7, addressing ActiveX control issues as a result of components built using a flawed version of Microsoft Active Template Library.

Tags: Windows Security: Alerts, Updates and Best Practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Security: Alerts, Updates and Best Practices Exploit code targets Internet Explorer zero-day display flaw Windows 7 DoS flaw allows hackers to freeze Microsoft's newest OS Microsoft patches serious Windows kernel flaws Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Microsoft issues SMB vulnerability advisory, patch pending Attackers target Microsoft IIS; new SMB flaw discovered

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary BotHunter  (SearchSecurity.com) principle of least privilege (POLP)  (SearchSecurity.com) security identifier  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary