Five bulletins, two critical in Patch Tuesday this month


Microsoft will be releasing a total of five updates for March 2014, according to the latest Microsoft Security Bulletin Advance Notification that was released. The relatively lightweight update consists of two "critical" updates with the final three pegged as "important." Critical bulletins should be attended to as soon as possible and usually also require a system reboot.

The first of the critical flaws involves a recent zero-day vulnerability that was discovered in Internet Explorer 9 and Internet Explorer 10. Found by researchers from FireEye, the flaw was reportedly actively exploited by hackers. All it takes for vulnerable users to be infected is visiting a specially-crafted website with an unpatched browser.

In a way, the second critical bulletin is the more severe of the two: Bulletin 2 impacts every version of the Windows operation system out there. This includes legacy code in Windows XP and Vista as well as current systems such as Windows 7, Windows 8 and Windows 8.1.

Bulletin 3 and Bulletin 4 address an elevation of privilege flaw and security feature bypass in Windows, while the final bulletin updates Silverlight. Though no longer under development by Microsoft (NASDAQ: MSFT), Silverlight will receive support through October 2021. Do note that this update impacts both Windows and Mac endpoints.

For more:
- check out this article at Threatpost
- check out this article at ZDNet

Related Articles:
Last minute Patch Tuesday decision adds 2 Windows XP updates for Microsoft
Microsoft issues 8 security bulletins, but postpones zero-day fix