Microsoft Preps Light October Security Update

Microsoft will be rolling out one "critical" and six "important" bulletins for October's security update, planned for Tuesday.

The lone critical fix will affect Microsoft Office and Microsoft Server Software, and will address a reported remote code execution flaw.

Marcus Carey, security researcher at Rapid7, provided some more details on the critical fix:

"Bulletin 1, marked as critical, is a vulnerability in Microsoft Office 2003, 2007, and 2010 as well as Word Viewer and Microsoft Office Web Apps," said Carey in an e-mail. "This vulnerability required a victim to open up a malicious file or even preview a malicious file in Outlook Web Access. This vulnerability could result in the complete compromise of a system if exploited. Since this is an Office vulnerability this may affect both Windows and Macintosh users."

The six important items will take care of remote code execution, elevation of privilege and denial of service flaws found in Microsoft Office, Lync, Windows and Microsoft SQL Server.

Many security experts suggest that IT should focus on Microsoft's change to certificate encryption, which Microsoft has been alerting the public to for the past few months.

"As we've been saying for the last several Patch Tuesdays, Microsoft is pushing out a patch that will break any encryption that is less than 1024-bit," said Paul Henry, security and forensic analyst at Lumension. "This patch has been optional since August and we hope you've taken the time to test it and patch it. It will no longer be an option starting on Tuesday. There are still a few days left if you haven't tested it, but don't let this be an 'I told you so' moment."

Specific details on the seven bulletin items will be available once the security update is released.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
