'Critical' Office Fix To Highlight May Security Update

Microsoft's Patch Tuesday offering this month will feature three "critical" and four "important" bulletin items that will target 23 vulnerabilities.

Microsoft's Security Update will fix issues in Office, Windows, .NET Framework and Silverlight. As with every Advance Notification, details of the actual bulletin items won't be provided until after the patch release.

While the total number of bulletin items issued by Microsoft so far this year is low compared with the same timeframe last year, the number of vulnerabilities being addressed is higher. That number is counted in Common Vulnerabilities and Exposures entries, or CVEs.

"CVEs correspond to the number of bugs fixed, and this year Microsoft is on a CVE streak," said Andrew Storms, director of security operations at nCircle. "With the 23 CVEs in May's patch, Microsoft's CVE count has already reached 70 for 2012. This time last year Microsoft issued just 59 CVEs."

A critical remote code execution bulletin for Microsoft Office tops the priority list this month. In fact, fixes for remote code execution flaws will account for five of the seven May bulletins. The remaining two, both rated important, will deal with elevation-of-privilege issues in Windows.

In other Patch Tuesday-related news, Microsoft announced today that it had found the party responsible for leaking proof-of-concept (POC) code for an RDP exploit ahead of its bulletin release in March.

"During our investigation into the disclosure of confidential data shared with our Microsoft Active Protections Program (MAPP) partners, we determined that a member of the MAPP program, Hangzhou DPTech Technologies Co., Ltd., had breached our non-disclosure agreement (NDA)," wrote Microsoft in a blog entry. "Microsoft takes breaches of our NDAs very seriously and has removed this partner from the MAPP Program."

Microsoft also said that it is strengthening its patching and disclosure process to prevent a similar incident from happening in the future.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
