Only 2 'Important' Items for Microsoft's September Security Update

Microsoft's security update for the month of September arrived today with just two bulletin items. This is the lowest number of fixes Microsoft has issued since January 2011.

Both bulletin items repair elevation of privilege flaws for Microsoft Developer Tools and Microsoft Server Software. And because neither have been designated "critical" (both are rated "important'), only apply after proper testing has concluded.

"Neither of the issues addressed is known to be under active exploit in the wild -- and, on another positive note, neither bulletin requires customers to restart their machines," wrote Microsoft's Angela Gunn in a blog post.

While the urgency to apply these two bulletins isn't as high as last month's security update, which featured five critical items, security researchers are warning that these security flaws should not be ignored.

"Both of these bulletins are pretty low risk to most organizations; however, employees should never be allowed to browse the Internet or check e-mail from servers that this software could reside on," said Marcus Carey, security researcher at Rapid7, in an e-mailed response. "To be able to exploit these vulnerabilities, an attacker would craft a malicious link for a victim to click on, allowing them to compromise the victim's system. It's always a good idea to educate employees/ end-users on how to spot and avoid suspect links."

Along with today's security release, Microsoft sent word that it is currently working on an update for Internet Explorer 10 to include a security fix for Adobe Flash that was released last month.

About the Author

Chris Paoli is the site producer for and


  • Basic Authentication Extended to 2H 2021 for Exchange Online Users

    Microsoft is now planning to disable Basic Authentication use with its Exchange Online service sometime in the "second half of 2021," according to a Friday announcement.

  • Microsoft Offers Endpoint Configuration Manager Advice for Keeping Remote Clients Patched

    Microsoft this week offered advice for organizations using Microsoft Endpoint Configuration Manager with remote Windows systems that need to get patched, and it also announced Update 2002.

  • Azure Edge Zones Hit Preview

    Azure Edge Zones, a new edge computing technology from Microsoft designed to enable new scenarios for developers and partners, emerged as a preview release this week.

  • Microsoft Shifts 2020 Events To Be Online Only

    Microsoft is shifting its big events this year to be online only, including Ignite 2020.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.