Only 2 'Important' Items for Microsoft's September Security Update
Microsoft's security update for the month of September arrived today with just two bulletin items. This is the lowest number of fixes Microsoft has issued since January 2011.
Both bulletin items repair elevation of privilege flaws for Microsoft Developer Tools and Microsoft Server Software. And because neither have been designated "critical" (both are rated "important'), only apply after proper testing has concluded.
"Neither of the issues addressed is known to be under active exploit in the wild -- and, on another positive note, neither bulletin requires customers to restart their machines," wrote Microsoft's Angela Gunn in a blog post.
While the urgency to apply these two bulletins isn't as high as last month's security update, which featured five critical items, security researchers are warning that these security flaws should not be ignored.
"Both of these bulletins are pretty low risk to most organizations; however, employees should never be allowed to browse the Internet or check e-mail from servers that this software could reside on," said Marcus Carey, security researcher at Rapid7, in an e-mailed response. "To be able to exploit these vulnerabilities, an attacker would craft a malicious link for a victim to click on, allowing them to compromise the victim's system. It's always a good idea to educate employees/ end-users on how to spot and avoid suspect links."
Along with today's security release, Microsoft sent word that it is currently working on an update for Internet Explorer 10 to include a security fix for Adobe Flash that was released last month.