News

'Critical' Office Fix To Highlight May Security Update

Microsoft's Patch Tuesday offering this month will feature three "critical" and four "important" bulletin items that will target 23 vulnerabilities.

Microsoft's Security Update will fix issues in Office, Windows, .NET Framework and Silverlight. As with every Advance Notification, details of the actual bulletin items won't be provided until after the patch release.

While the total number of bulletin items dispensed by Microsoft is low so far for this year (compared with the same timeframe last year), the number of vulnerabilities being addressed is higher. It's measured in terms of common vulnerability and exposures, or CVEs.

"CVEs correspond to the number of bugs fixed, and this year Microsoft is on a CVE streak," said Andrew Storms, director of security operation at nCircle. "With the 23 CVEs in May's patch, Microsoft's CVE count has already reached 70 for 2012. This time last year Microsoft issued just 59 CVEs."

A critical remote code execution bulletin for Microsoft Office tops the priority list this month. In fact, remote code execution flaw fixes will account for five of the seven May bulletins. The remaining two, which both fall under the important classification, will deal with elevation-of-privilege issues in Windows.

In other Patch Tuesday-related news, Microsoft announced today that it had found the party responsible for leaking proof-of-concept (POC) code for an RDE exploit ahead of its bulletin release in March.

"During our investigation into the disclosure of confidential data shared with our Microsoft Active Protections Program (MAPP) partners, we determined that a member of the MAPP program, Hangzhou DPTech Technologies Co., Ltd., had breached our non-disclosure agreement (NDA)," wrote Microsoft in a blog entry. "Microsoft takes breaches of our NDAs very seriously and has removed this partner from the MAPP Program."

Microsoft also said that it is strengthening its patching and disclosure process to prevent something like this incident happening in the future.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Starting To Roll Out New Excel Connected Data Types

    Microsoft on Thursday announced some Excel and Power BI enhancements that add "connected data types" on top of the standard strings and numbers options.

  • Windows 10 Users Getting New Process for Finding Optional Driver Updates

    Accessing Windows 10 drivers classified as "optional updates" will be more of a manual seek-and-install type of experience, starting on Nov. 5, 2020, Microsoft explained in a Wednesday announcement.

  • Microsoft Changes Privacy Platform Name to SmartNoise

    Microsoft Research has changed the name of its "differential privacy" platform from "WhiteNoise" to "SmartNoise," according to a Wednesday announcement.

  • Why Restarting a Failed SCVMM Job Might Be a Bad Idea

    Occasionally, restarting a failed System Center Virtual Machine Manager job can leave your virtualization infrastructure in an unknown state. Here's how to avoid that.

comments powered by Disqus