News

Microsoft delivers early warning with latest Patch Tuesday

Cliff Saran

Microsoft is updating its Patch Tuesday releases to give customers and security software firms advanced notice before hackers can exploit holes in Windows code.

“Microsoft will be giving select companies like Trustwave a few extra days of advance notification for the upcoming month of bulletins so that we have a little extra time to develop protections for our customers before the bad guys can reverse engineer the patches and come out with exploits,” said Ziv Mador, director of security research at Trustwave.

45724_SSL-security.jpg

Microsoft is also providing lists of malicious URLs, file hashes, incident data and relevant detection guidance as part of the revamped programme.

The latest Patch Tuesday release is likely to keep IT managers busy during the summer lull, with three critical updates included.

Microsoft said the critical patch to Internet Explorer security resolves 11 privately reported vulnerabilities. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer.

The second critical patch is designed to fix the Unicode Scripts Processor bug, which could allow remote code execution if a user views a specially crafted document or web page with an application that supports embedded OpenType fonts.

The third critical patch is for Exchange Server, which resolves three publicly disclosed vulnerabilities. The vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. Microsoft said the vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange Server if a user previews a specially crafted file using Outlook Web App.

There are also several “important” patches to Windows Server, which, according to Mador, would require servers to be rebooted.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy