Patch Tuesday heads-up: Microsoft readies 5 'important' security updates

Summary: Microsoft plans to issue five 'important' bulletins to fix flaws that could lead to code execution and privilege escalation attacks.

Microsoft plans to ship five security bulletins next Tuesday with fixes for serious security vulnerabilities that could lead to remote code execution attacks.

The updates, all rated "important," will provide fixes for security holes in the Microsoft Windows operating system, the Microsoft Office productivity suite and the Microsoft Server Software.

According to an advance notice issued by Redmond, the flaws could cause code execution or elevation of privilege attacks. At least one of the bulletins will require a restart after installation.

The Windows OS updates will apply to all versions of the operating system, including the newest Windows 7 and Windows Server 2008 R2.

Despite the light Patch Tuesday and the absence of "critical" bulletins, Rapid7 security researcher Marcus Carey is urging IT administrators and Windows users to avoid downplaying this batch of patches.

“It's easy for organizations to gain a false sense of security during a light patch month and sometimes an attitude of complacency towards non-critical vulnerabilities is evident, but while there are no “critical” bulletins this month, organizations should not downplay the vulnerabilities being addressed. I know of organizations that have 30 day patch requirements for “critical” – which is too long in my opinion – and up to three months to patch “important” and below," Carey said.

While “important” vulnerabilities may not give attackers the full root privileges generally associated with “critical” vulnerabilities, Carey warns that an attacker can use an “important”-rated vulnerability to achieve an initial compromise and then escalate privileges by other means.

"By using an “important” vulnerability and other methods, attackers can still end up with the same result, and so it is essential that organizations understand that all five of these "important" bulletins can result in an escalation of privileges for the attacker, which is a serious matter and needs to be addressed quickly," he added.


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
