Microsoft set to fix 20 bugs next Tuesday

Tools

From the light Patch Tuesday that took place last month, administrators can expect a somewhat busier October with seven security bulletins containing 20 vulnerabilities. As highlighted in the Advance Notification released yesterday, these flaws affect software such as Microsoft (NASDAQ: MSFT) Office, SharePoint Server, SQL Server, Windows, among others.

The majority of issues pertain to Microsoft Office, with the sole "critical" bulletin affecting Office 2003, 2007, 2010, the Word Viewer and Microsoft Office Web apps. The flaw is severe because the simple act of opening up a malicious document or previewing it in Outlook Web Access could lead to the remote compromise of their systems.

Paul Henry, security and forensic analyst for Lumension, pointed out how Microsoft is seeing the fruit of its security coding initiatives. There were 82 patches total at this point last year, compared to just 70 patches this year, according to Henry, who noted,"That's a pretty nice drop in vulnerabilities."

On October's patch lineup, Marcus Carey, security researcher at Rapid7, called it a "relief" that none of them requires immediate attention as they are not being exploited in the wild. The fact that the vulnerabilities were privately reported meant that "there isn't any publicly known exploit code for this month's bulletin cycle," says Carey.

Alex Horan, senior product manager of CORE Security is somewhat less sanguine. He drew attention to the amount of code reuse by Microsoft, observing how Bulletin 7 involves code reused in various versions since 2000.

Horan warned in an email, "When you look at the number of versions that are affected you quickly come to the determination that these vulnerabilities have existed for quite a long period of time and have potentially been abused without user knowledge throughout several generations of the software."

For more:
- check out this article at PCWorld

Related Articles:
Light Patch Tuesday expected in wake of certificate key length changes
5 critical, 4 important bulletins for August's Patch Tuesday

Filed Under