Windows 8 Start

Patch Tuesday to issue 16 security advisories

Life
Image: Microsoft

10 November 2014

Microsoft is issuing the largest number of monthly security advisories since June 2011, five of them critical and affecting all supported versions of Windows.

Generally, Microsoft alternates between patching Windows and updating applications in order to keep down the number of machines that need attention each month. This batch includes critical updates for .NET Framework, Office 2007, Exchange and SharePoint.

Also in the mix this month is Windows 10, formally Windows Technical Preview, which is in line for five updates ranked critical, says Goettl. “It would be a good idea to run this and see how well the patches apply. The updates will be available through Windows Update and Microsoft is encouraging people to apply them,” he says.

Here is his summary of these bulletins:

Bulletin 1 is rated critical for all version of Windows and has RCE potential, ie the type of vulnerability that allows an attacker to take control over the affected machine.
Bulletin 2, critical as well and covers all versions of Internet Explorer IIE from IE6 on Windows 2003 to IE11 on Windows 8.1.
Bulletin 3 addresses an RCE type vulnerability present in all version of Windows and is critical to patch as soon as possible.
Bulletin 4 covers a vulnerability that is rated critical on desktop systems and important on server operating systems.
Bulletin 5 is rated critical on server operating systems but has no criticality rating on desktop systems, even though they seem to contain the vulnerability.

The advanced security bulletins include nine that are ranked important, which means they require user action in order to be exploited. They address vulnerabilities in Windows, Windows Server, Exchange, and .NET Framework. Possible exploits include elevation of privilege, remote code execution, security feature bypass and information disclosure.

The remaining bulleting is ranked moderate and could result in denial of service attacks against Windows.

Tim Greene, IDG News Service

Read More:


Back to Top ↑

TechCentral.ie