Patch Tuesday: Microsoft to fix four critical flaws, all versions of IE at risk again
Summary: Prepare your systems (and a strong pot of coffee): Patch Tuesday is on deck for another month. Microsoft will release patches for seven security vulnerabilities, four of them considered 'critical.'
Microsoft will release seven fixes next week for Windows, Internet Explorer and Office, as well as a small handful for Windows Server and Silverlight, to address a number of security vulnerabilities.
The software giant warns that four of the patches will fix 'critical' vulnerabilities.
Three of the four 'critical' flaws affect Windows, Internet Explorer, Office, Windows Server and SharePoint, which could all lead to remote code execution—such as allowing hackers access to install malware without user prompts or permission. The flaws rated 'important' could lead to an elevation of user privileges or the disclosure of user data or personal information.
The most worrying vulnerability affects all versions of Windows XP (Service Pack 3) and above, including Vista, Windows 7 and Windows 8—including tablets running Windows RT—along with all versions of Internet Explorer 6 and above.
A second flaw relates to Silverlight, a popular Web plug-in used in replacement of Flash—often used by Netflix users—will also require patching to address a critical vulnerability that affects both Windows and Apple OS X machines.
The third 'critical' flaw affects Visio, an Office application, as well as a separate flaw in the Office Filter Pack.
The fourth and final 'critical' update fixes a flaw that would allow an elevation of user privileges in SharePoint, Microsoft's Web-based content management (CMS) and portal service. An elevation of privileges would potentially allow a hacker to access an administrative account even if a user is logged in, granting them access to a far greater spread of system files or networked shares.
The remaining 'important' bulletins also include Mac users running Office for Mac 2008 and 2011. Another flaw that would allow an elevation of privileges in Windows XP SP3 up to Windows 8 will also be stamped out by the updates. OneNote 2010 is also affected by a 'important'-rated vulnerability.
Microsoft doesn't release the full details of the vulnerabilities until patches are made available.
This should serve as an advisory notice for the upcoming Tuesday, March 12, when the patches are released through the usual update channels.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
... for the upcoming Tuesday, March 13,
Good point!
Where are Zdnets usual THREE STOOGES today
Moe = toddbottom3
Curley = Owlll1net
All three chimed in again with their usual FUD how Microsoft is the greatest.
They also FAIL to explain why Steve Ballmer even calls Surface RT a FAIL.
Surface and W-* are an example of Microsoft greatness = NOT
Be nice
Personal attacks are *not* cool
:)
The Three Stooges? Really?
Hell, you're praising the three by calling them one of America's greatest comedy groups.
Anyhow, have a Flag.
"Without limiting any other provision in these Terms, you may not use the Services to do the following or assist others to do the following:
• Threaten, defame, stalk, abuse, or harass other persons or engage in illegal activities;"
"Without limiting any other provision in these Terms, ..."
Are you new to forums or are you naturally clueless?
Another patch tuesday
Isn't this a good thing, that they're fixing their products?
Good thing? Bad think?
"Isn't this a good thing, that they're fixing their products?"
It would be a better thing if they would sell products without the special Microsoft guarantee. To wit:
"We of Microsoft guarantee that every product we sell will be vulnerable to malicious attack. We further guarantee that if you use our software your computer WILL be compromised, unless you use and keep current several third-party security programs, and sometimes even if you do. Each week we will close a few security flaws in our software via patches, but we guarantee there will still be more vulnerabilities, which we will close as they come to our attention."
It's nice that Bill Gates hires the mentally handicapped. It would be nicer if he didn't have them writing the software he sells.
I'm going to let you in on a secret
Linux has security flaws.
Every piece of software ever made has security flaws.
remote code execution
---------------
* those Gbs do mean A LOT, it's not those bloaty 12gb Windows RT, you know.
Huh?
Not a bad thing, it just is.
did you know
And where did I say "patches"?
My LMDE roll-release can get 900mb of "patches" about every 6 months. The / dir, where system resides (and /home is external to that) is only 6.6gb right now, with full Libreoffice, GNU Emacs and a bunch of other things.
Hmmm
That's crap about 40gb worth of repositories, unless you have so many extra software repos on your system (which doesn't matter, since you're also updating third party software like Firefox).
The average repository list isn't even 100mb in grand total.
translating this for
Comprenez-vous maintenant, monsieur?
Yes, 40 gb is crap
:|
What?
#!/bin/bash
#compute the total size in gbs of available pckgs in the #enabled Debian repositories as reported by apt-cache
LIST=$(apt-cache search '.*' | awk 'BEGIN{ORS=" "}{print $1}')
apt-cache show $LIST |\
awk '
{
if(gsub(/^Size: /,"")){sum+=$0;}
}
END{printf "The total size is %.4f gb\n",sum/2^20;}'
On my old Ubuntu system it outputs:
The total size is 51436.8928 gb
On the new LMDE (Linux Mint Debian Edition):
The total size is 47549.6729 gb
I'm trying to find something relevant to what you're saying
"Good thing? Bad think? "
they fixing their products
The problem with Windows is that both the design and the implementation are bad.