Patch Tuesday heads-up: Critical MS Office security holes

Patch Tuesday heads-up: Critical MS Office security holes

Summary: The November Patch Tuesday will feature just three bulletins with fixes for a total of 11 documented vulnerabilities.

SHARE:

After last month's record-breaking security patch release, Microsoft is offering a November respite.

The November Patch Tuesday will feature just three bulletins with fixes for a total of 11 documented vulnerabilities.  One of the bulletins will be rated "critical," Microsoft's highest severity rating.

According to an advance notice from Redmond, two of the bulletins will address security holes in Microsoft Office, the widely deployed desktop productivity suite.follow Ryan Naraine on twitter

The third bulletin, rated important, will address security flaws in the Microsoft Forefront Unified Access Gateway product.

The Microsoft Office update is noteworthy because it is rare to see an Office update with a "critical rating."

Qualys CTO Wolfgang Kandek points out that most vulnerabilities on the Office suite are categorized as "Important" because they typically require user interaction to get a successful exploitation.

"Critical" here indicates a vulnerability that can be used to take control of the target machine without user interaction, such as MS10-064, where visualizing an e-mail in Outlook's preview pane was sufficient to trigger the flaw," Kandek said.

The patches are due for release around 2PM EST on November 10, 2010.

Topics: Security, Collaboration, Microsoft, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

19 comments
Log in or register to join the discussion
  • RE: Patch Tuesday heads-up: Critical MS Office security holes

    I long for the good old days of text based EMail and attachments when necessary.
    dev/null
    • Can i have an "Amen", brothers and sisters? (nt)

      @dev/null nt
      fairportfan
  • RE: Patch Tuesday heads-up: Critical MS Office security holes

    Why do they call it "Patch Tuesday" if they're not releasing the patches until "around 2PM EST on November 10, 2010"?
    jlgillespie@...
    • It's always Tuesday somewhere...

      NT
      jasonp@...
      • No it's not

        @jasonp@... Uh no?
        xSteven777x
      • Wow

        @jlgillespie...Since you can't buy a clue and recognize humor, you can borrow mine. I'll need it back before next week.
        jasonp@...
    • RE: Patch Tuesday heads-up: Critical MS Office security holes

      @jlgillespie@...

      This is an advance notification of security bulletins that Microsoft is intending to release on November 9, 2010.

      From the advance notice link.. I'm guessing the Nov 10 date was a mistype.
      Cyrorm
  • RE: Patch Tuesday heads-up: Critical MS Office security holes

    Whats with the sensationalist headline? Only one of these is marked as critical.
    Loverock Davidson
    • Maybe Ryan wanted everyone to take it seriously

      @Loverock Davidson
      That one critical bug affects all versions of MS Office XP, 2003, 2007 and 2010.

      Now you know why the Department of Defense is still testing Windows 7

      Thank your Ryan Naraine, The patch date is the 9th
      (May or may not get patch before that date)
      daikon
    • RE: Patch Tuesday heads-up: Critical MS Office security holes

      @Loverock Davidson

      It generates hits and I have a feeling that the person who wrote the article is paid via the number of hits he brings to his article. Its pretty much a non-issue but that won't stop the anti-Microsoft hatemongers out there.
      Macintoshtoffy
      • non-issue...

        I'm glad you've alerted the world to the fact that even though Microsoft rates a patch as "critical", it' really a non-issue. I'll make sure everyone knows that they don't have to apply this round pf patches. Thanks for the heads up.
        jasonp@...
      • RE: Patch Tuesday heads-up: Critical MS Office security holes

        @jasonp

        You're an idiot, I never said that it wasn't required - I simply stated that you shouldn't get all worked up about it; have some bloody perspective for once in your miserable life.
        Macintoshtoffy
  • RE: Patch Tuesday heads-up: Critical MS Office security holes

    As to Tuesdays being the patch release days did you ever notice that Tuesdays are when new home videos VHS/DVDs/BluRays are released; Fridays are when new films debut in theatres? So Tuesday's as good a day as any I suppose. Oh yeah and PGA Tourney qualifying begins on Tuesdays as well.

    I know what MS Office is because I use OpenOffice myself and like it better than MS Office which I used with W95 to W Vista when I got OO instead.

    However, what exactly is Microsoft Forefront Unified Access Gateway product and how do I know if I have it? If I don't I really shouldn't DL/install any of these patches- right? I run W 7 on HP Pavilion using FF, Opera, IE9 and Chrome but Chrome's my default browser. Thanks for your patience- keimanzero
    keimanzero
    • New comics...

      @keimanzero ...arrive in comic shops on Wednesday.

      Office is altogether too bloated. I can accomplish everything i'd be likely to do with Office with two or three non-"integrated" packages that, in total, cost me a lot less.
      fairportfan
  • RE: Patch Tuesday heads-up: Critical MS Office security holes

    Well, once again, Microsoft knows it's better to let people know, rather than cower and try to hide. Thanks Microsoft! Oh, by the way, I see where your Windows Phone 7 has sold out a second time. Now you have people lining up to make reservation in order to ensure they receive your new innovative wonder. You guys are on a roll. Good on ya!
    eargasm
  • RE: Patch Tuesday heads-up: Critical MS Office security holes

    @windozefreak - The brand name OpenOffice has now reverted back to Oracle/Sun, who own the name OpenOffice and you now need to jump through hoops to register it and it's not free as it incures cell phone text charges to obtain a registration code.<br><br>The new version of open source Office is LibreOffice located at www.documentfoundation.org, it's in Beta form but I've found it works very, very well and overwrites OpenOffice upon installation.<br><br>I also use MS Office 2010 (Student version) but never, ever use Outlook or Outlook Express, there's always been security issues with them, I'd rather stick to web-based e-mail.

    P.S. Patch Tuesday has always been the second Tuesday of the month since MS decided to issue updates monthly.
    Snoopytooth
    • RE: Patch Tuesday heads-up: Critical MS Office security holes

      @Snoopytooth

      Stop lying, I went to openoffice.org and you can download OpenOffice.org for free without needing to register or do anything.
      Macintoshtoffy
    • confirmed - OpenOffice still 100% free

      @Snoopytooth - I just DL'd and installed v3.2.1 no reg or anything you mentioned.

      Many times the "average windows user" running XP has asked me to reinstall due to malware infestation, if they don't provide any disks I always provide OpenOffice and Mozilla Thunderbird for them.
      ~doolittle~
    • And that's the Micro$oft shills blatant lie for the week

      And next week folks, a new episode of Redmondloonytoons...
      ahh so