Microsoft Preps Light October Security Update

Microsoft will be rolling out one "critical" and six "important" bulletins for October's security update, planned for Tuesday.

The lone critical fix will affect Microsoft Office and Microsoft Server Software, and will address a reported remote code execution flaw.   

Marcus Carey, security researcher at Rapid7, provided some more details on the critical fix:

"Bulletin 1, marked as critical, is a vulnerability in Microsoft Office 2003, 2007, and 2010 as well as Word Viewer and Microsoft Office Web Apps," said Carey in an e-mail. "This vulnerability required a victim to open up a malicious file or even preview a malicious file in Outlook Web Access. This vulnerability could result in the complete compromise of a system if exploited. Since this is an Office vulnerability this may affect both Windows and Macintosh users."

The six important items will take care of remote code execution, elevation of privilege and denial of service flaws found in Microsoft Office, Lync, Windows and Microsoft SQL Server.

Many security experts suggest that IT should focus on Microsoft's change to certificate encryption requirements, which Microsoft has been alerting the public to for the past few months.

"As we've been saying for the last several Patch Tuesdays, Microsoft is pushing out a patch that will break any encryption that is less than 1024-bit," said Paul Henry, security and forensic analyst at Lumension. "This patch has been optional since August and we hope you've taken the time to test it and patch it. It will no longer be an option starting on Tuesday. There are still a few days left if you haven't tested it, but don't let this be an 'I told you so' moment."

Specific details on the seven bulletin items will be available once the security update is released.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
