MS Patch Tuesday heads-up: Critical flaws in Windows, Office

MS Patch Tuesday heads-up: Critical flaws in Windows, Office

Summary: Microsoft has announced plans to ship three security bulletins this month to cover at least four serious vulnerabilities in all supported versions of the Windows operating system.

SHARE:
TOPICS: Microsoft
41

Microsoft has announced plans to ship three security bulletins this month to cover at least four serious vulnerabilities in all supported versions of the Windows operating system.

According to an advance notice from Redmond, one of the bulletins will be rated "critical" while the rest will carry an "important" rating.  All three bulletins cover issues that could lead to remote code execution attacks, Microsoft said.

Affected software includes the Windows OS, Microsoft Office and Microsoft Groove 2007. follow Ryan Naraine on twitter

It is not yet clear if this Patch Tuesday batch of updates will include fixes for the recent Windows BROWSER protocol vulnerability that was publicly discussed in February.

Microsoft last week quietly shipped an update to fix a security flaw in the in the Microsoft Malware Protection Engine.   This engine powers Microsoft's range of anti-malware and security products (Forefront, Live OneCare, Security Essentials, etc.)

From an advisory issued last week:

Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft. The update addresses a privately reported vulnerability that could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid logon credentials has created a specially crafted registry key. An attacker who successfully exploited the vulnerability could gain the same user rights as the LocalSystem account. The vulnerability could not be exploited by anonymous users.

Since the Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products, the company said the the update was installed along with the updated malware definitions for the affected products.

Topic: Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

41 comments
Log in or register to join the discussion
  • RE: MS Patch Tuesday heads-up: Critical flaws in Windows, Office

    Just another installment of the weekly train wreck that is Windows......
    WhatsamattaU
    • RE: MS Patch Tuesday heads-up: Critical flaws in Windows, Office

      @WhatsamattaU

      You should end the statement with three (3) dots, whatsamattau... Lack of education?
      rjshortt
      • LOL...

        @rjshortt

        Good one... That actually made me laugh...
        i8thecat
      • RE: MS Patch Tuesday heads-up: Critical flaws in Windows, Office

        @rjshortt Yeah, that's it. This from the poster who can't capitalize a proper name. Maybe we can focus on the topic. Wait, the topic is always the same, Windows is insecure. Never mind, no news here.
        WhatsamattaU
      • Didn't they just release SP1 a couple of days ago?

        The motherload of bloatware?

        I guess 2GB of crapware wasn't enough...
        search & destroy
      • 2GB?

        Stop spreading FUD.

        The 2GB was for every version available, and didn't take into account somebody actually patching their system throughout the last year and a half.
        Michael Alan Goff
      • 2GB of crap

        It even puts Apple's patches to shame...
        search & destroy
      • One person won't install

        x86
        x64
        IA64
        Michael Alan Goff
      • What are you rambling about?

        You been smoking pot again? ;)
        search & destroy
      • The 2GB ISO

        It includes every different version of SP1, for any type of computer. Are you honestly trying to tell me that one person would have to install all versions of SP1 on their computer?
        Michael Alan Goff
      • RE: MS Patch Tuesday heads-up: Critical flaws in Windows, Office

        @goff256

        Actually, I have installed all versions, 2 on 2008 R2 servers and 2 on Windows 7 workstations. All systems live in a test setup so we can find any issues before we start to worry about updating production environment systems. Though I must admit the Itanium box is not going to be a big worry since the only production Itanium server is retiring around the end of June -- oddly, the Opteron server replacing it is faster and more power efficient so our last non-x86.x64 server is going away.
        DNSB
      • RE: MS Patch Tuesday heads-up: Critical flaws in Windows, Office

        @rjshortt : Yup lack of education, friends, etc.
        Gis Bun
      • RE: MS Patch Tuesday heads-up: Critical flaws in Windows, Office

        @search & destroy : So where do you get 2GB from? The Win 7 SP1 [if you download from the updater] takes between 40MB and 100MB in 99% of the cases. Compare that with the 500+ MB for each and every Apple update EVERY two months. Microsoft uses a way to download just what the OS requires. Apple can't figure that out. Look at buggy and bloated iTunes. 100MB per update. They don't know how to patch software. so you need to update iTunes every couple of weeks. Spend more time updating a Mac that almost anything else.
        Gis Bun
    • RE: MS Patch Tuesday heads-up: Critical flaws in Windows, Office

      @WhatsamattaU : Let me guess Linux? Why do Linux zealots have nothing to do with their lives. They site in front of their Linux box complaining left and right. Nothing in a Linux blog to complain about? Head over to a Windows or Mac blog and complain more. Maybe you need a life? I guess you lack friends. With Linux accounting for 1% of the global OS share, who know how bad Linux would be with vulnerabilities if people used it.
      Gis Bun
  • RE: MS Patch Tuesday heads-up: Critical flaws in Windows, Office

    I love the banter going back and forth. I love how some of you clowns bash Windows. Yet, in my little daily update newsletter from ZD, three lines down the URL title reads "Apple plugs 57 major security holes in iTunes ". Now there is an option. 57 MAJOR security flaws in one application.
    DaCloud
    • RE: MS Patch Tuesday heads-up: Critical flaws in Windows, Office

      @DaCloud
      Yet you bash Apple, double standard.
      choyongpil
    • RE: MS Patch Tuesday heads-up: Critical flaws in Windows, Office

      @DaCloud / The fact that iTunes is crap doesn't exclude all other programs, operating systems, etc. from also being crap. It's not a competition to see who's favorite chunk of code is less crappy. While we're trying to keep score, just how many thousands of security flaws have been uncovered in Windows in its various incarnations over the last fifteen years? Is it really about the score, or the fact that there are some fundamentals about how Windows was put together that might have made sense when it was a toy used at home before the internet that make it so g.d. vulnerable today?
      WhatsamattaU
      • RE: MS Patch Tuesday heads-up: Critical flaws in Windows, Office

        @WhatsamattaU

        Are you implying other operating systems don't contain security vulnerabilities? If you really think this is the case, I suggest you visit secunia.com, and search for your favourite operating system.
        WilErz
    • RE: MS Patch Tuesday heads-up: Critical flaws in Windows, Office

      @DaCloud I downloaded a patch today for my OSx 10.6 machine that was about 675 mb. It was larger than my win 7 SP1 update. Downloaded a patch last Friday for it too.
      michael56555@...
  • EVERY system has security issues...

    I think the point is that unfortunately the trolls and bashers seem to jump in with "Microsoft sucks" or "whatever sucks" - how about "Thanks, Ryan for bringing that to my attention", or at least some other constructive comment. You know, that lack of civility in discourse!
    randysmith@...