MS Patch Tuesday heads-up: Critical flaws in Windows, Office

Summary:Microsoft has announced plans to ship three security bulletins this month to cover at least four serious vulnerabilities in all supported versions of the Windows operating system.

Microsoft has announced plans to ship three security bulletins this month to cover at least four serious vulnerabilities in all supported versions of the Windows operating system.

According to an advance notice from Redmond, one of the bulletins will be rated "critical" while the rest will carry an "important" rating.  All three bulletins cover issues that could lead to remote code execution attacks, Microsoft said.

Affected software includes the Windows OS, Microsoft Office and Microsoft Groove 2007.

follow Ryan Naraine on twitter

It is not yet clear if this Patch Tuesday batch of updates will include fixes for the recent Windows BROWSER protocol vulnerability that was publicly discussed in February.

Microsoft last week quietly shipped an update to fix a security flaw in the in the Microsoft Malware Protection Engine.   This engine powers Microsoft's range of anti-malware and security products (Forefront, Live OneCare, Security Essentials, etc.)

From an advisory issued last week:

Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft. The update addresses a privately reported vulnerability that could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid logon credentials has created a specially crafted registry key. An attacker who successfully exploited the vulnerability could gain the same user rights as the LocalSystem account. The vulnerability could not be exploited by anonymous users.

Since the Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products, the company said the the update was installed along with the updated malware definitions for the affected products.

Topics: Microsoft

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.