
Microsoft Preps Light October Security Update

Microsoft will be rolling out one "critical" and six "important" bulletins for October's security update, planned for Tuesday.

The lone critical fix will affect Microsoft Office and Microsoft Server Software, and will address a reported remote code execution flaw.

Marcus Carey, security researcher at Rapid7, provided some more details on the critical fix:

"Bulletin 1, marked as critical, is a vulnerability in Microsoft Office 2003, 2007, and 2010 as well as Word Viewer and Microsoft Office Web Apps," said Carey in an e-mail. "This vulnerability required a victim to open up a malicious file or even preview a malicious file in Outlook Web Access. This vulnerability could result in the complete compromise of a system if exploited. Since this is an Office vulnerability this may affect both Windows and Macintosh users."

The six important items will take care of remote code execution, elevation of privilege and denial of service flaws found in Microsoft Office, Lync, Windows and Microsoft SQL Server.

Many security experts suggest that IT's focus should be on Microsoft's change to certificate encryption -- a change Microsoft has been alerting the public to for the past few months.

"As we've been saying for the last several Patch Tuesdays, Microsoft is pushing out a patch that will break any encryption that is less than 1024-bit," said Paul Henry, security and forensic analyst at Lumension. "This patch has been optional since August and we hope you've taken the time to test it and patch it. It will no longer be an option starting on Tuesday. There are still a few days left if you haven't tested it, but don't let this be an 'I told you so' moment."

Specific details on the seven bulletin items will be available once the security update is released.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
