Microsoft to release seven security updates next week

Summary:Two of the seven are for at least one critical vulnerability. One of these affects an unusually broad collection of products.

Microsoft has released their advance prenotification for this month's Patch Tuesday updates. The company will release seven security bulletins and updates. Two of the updates will be for at least one critical vulnerability.

Bulletin one (which will likely be released as MS14-030) is a critical remote code execution Internet Explorer bug, affecting all versions of Internet Explorer, including IE11 in Windows 8.1. Like other such vulnerabilities, all server versions of Windows are affected, but at a lesser level of severity because IE runs, by default, in Enhanced Security Configuration. Server Core versions of Windows Server do not include IE and are not affected.

Bulletin two is unusual in that it affects a broad selection of both Windows and Office products. It is a remote code execution vulnerability and rated critical on all versions of Windows, Server Core included. It is also critical on Microsoft Live Meeting 2007 Console and all versions of Microsoft Lync, but not Lync Server. It is also rated Important for Office 2007 and Office 2010. Office 2013 appears not to be affected.

All the remaining vulnerabilities have a maximum rating of Important. Bulletin three affects only Office 2007 and Microsoft Office Compatibility Pack Service Pack 3.

Bulletins four and five describe information disclosure bugs in Windows and Lync Server respectively. Bulletin six is a denial of service bug in all Windows versions since Vista, and bulletin seven is a "tampering" bug, a type not often described. Windows 7, 8.x and Server 2012 are affected.

Topics: Security, Microsoft, Windows

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.