Microsoft releases four critical security updates

Microsoft is to release four “critical” patches in its monthly Patch Tuesday security update according to the Advance Notice.

In total, Microsoft is expected to issue seven bulletins affecting all versions of its Windows operating system (OS), some Office components and also Mac OS X, through Silverlight and Office.

Bulletin one is the most important, as it fixes critical vulnerabilities in Internet Explorer versions 6 to 10 that could be used for machine takeover, said Wolfgang Kandek, chief technology officer at security firm Qualys.

Bulletin two addresses critical vulnerabilities in Microsoft Silverlight, both on Windows and Mac OS X. Silverlight is widely installed, particularly on end-user workstations to run media applications such as Netflix, said Kandek.

Bulletin three concerns a vulnerability in Visio and the Microsoft Office Filter Pack. “It is puzzling to see such a high rating for this software that typically requires opening of an infected file in order for the attack to work. It will be interesting to see the attack vector for this vulnerability that warrants the 'critical' rating,” said Kandek.

The last critical bulletin is for Sharepoint server and concerns a vulnerability that allows elevation of privilege.

The three remaining bulletins are all rated “important” and apply to OneNote, Office 2010 for Mac and Windows itself, with an elevation of privilege vulnerability affecting all versions from XP SP3 to Windows 8 OS.

In the wake of the ZDI’s PWN2OWN competition at the CanSecWest security conference in Vancouver, Kandek said businesses can expect vulnerabilities to be release in the coming weeks.

PWN2OWN awards prizes ranging from $20,000 to US$ 100,000 to security researchers who can demonstrate vulnerabilities in Adobe Flash, Adobe Reader, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, Oracle Java.