News

Microsoft Readying 3 Security Updates for Windows 8

According to Microsoft's security update advance notification for November, there will be four "critical," one "important" and one "moderate" bulletin items released this coming Tuesday.

The four critical items will target flaws in Microsoft Windows, Windows Server, Internet Explorer and Microsoft .NET Framework.

Less than two weeks after the release of Windows 8 and RT, remote code execution (RCE) issues in both products will be addressed in three of the four critical updates.  

Bulletin one, a critical update for Internet Explorer, and bulletin 5, a critical fix for multiple Windows products (including Windows 8) should be the top priority for IT, according to Paul Henry, security and forensic analyst for Lumension.

"Bulletin 5 is an interesting one, because it's a true type font issue. It resolves three vulnerabilities, the worst of which is a remote code execution," said Henry in an e-mailed response. "Microsoft has been dealing with font issues for a while. True Type Fonts can be embedded all over the place and Windows kernel mode driver renders the font. If these fonts are embedded in a browser or a Word document, for example, it's rendered in the kernel mode driver and winds up becoming a kernel mode exploit. An authenticated, low-rights user could visit a website, the font gets rendered, and it gets rendered as 'system.' This is a very effective attack mode, so Microsoft likes to close out font issues quickly. This is as high a priority as Bulletin 1. Those two bulletins will be the two biggest attack vectors in this batch."

Rounding out the projected bulletin items for the month is an important RCE fix for Microsoft Office and a rare moderate (second-lowest severity rating) information disclosure fix for Windows.

In other Microsoft security update news, Adobe announced this week that it will be realigning future security fixes for its Flash player to coincide with Microsoft's releases (scheduled for every second Tuesday of the month). This is seen to help provide timely security updates for Internet Explorer 10 running on Windows, which has Flash integrated into the Microsoft Web browser for the first time in the product's history.

Specific details on the six bulletin items will be available once the security update is released.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Phishing Tops Concerns in Microsoft Study of Remote Work

    Potential phishing attacks were a top concern of most IT security professionals when organizations switched to remote-work conditions early last year.

  • How To Configure Windows 10 for Intel Optane Memory

    Intel's Optane memory technology can significantly improve the performance of your Windows 10 system -- provided you enable it correctly. A single mistake can render the system unbootable. Here's how to do it the right way.

  • Microsoft and SAP Enhance Partnership with Teams Integration

    Microsoft and SAP this week described continuing partnership efforts on Microsoft Azure, while also planning a Microsoft Teams integration with SAP's enterprise resource planning product and other solutions.

  • Blue Squares Graphic

    Microsoft Previews Azure IoT Edge for Linux on Windows

    Microsoft announced a preview of Azure IoT Edge for Linux on Windows, which lets organizations tap Linux virtual machine processes that also work with Windows- and Azure-based processes and services.

comments powered by Disqus