Patch Tuesday to fix four critical flaws in Windows, IE, Office

Patch Tuesday to fix four critical flaws in Windows, IE, Office

Summary: September's roundup of Patch Tuesday updates includes 14 bulletins in total, fixing issues in Windows, and Internet Explorer, but also Microsoft Office.

SHARE:
7
microsoft-office-2013-9802
Many versions of Microsoft Office will be patched this month, as bugs with the productivity suite affect half of all security bulletins. (Image: CNET)

Microsoft will release 14 patches on Patch Tuesday — arriving on its namesake day this week — with four of them rated critical.

The software giant said in its latest advanced security bulletin that the most severe security flaws have been found in Microsoft Office, Windows, Internet Explorer, and Windows Server. 

In all, there are eight remote code execution flaws, which can allow hackers to gain access to, or take control of an affected system without user prompts or permission. 

With half of all the patches applying to the company's productivity suite — Office 2007 (Service Pack 3) and Office 2010 (Service Pack 1) are affected — users are advised to patch their systems as soon as possible. The latest Office 2013 release is not affected, however. 

Another round of patches will fix flaws in Windows Server 2003, and Windows XP, which will be phased out of the company's support cycles in April 2014.

Internet Explorer 6 on Windows XP through to Internet Explorer 10 on Windows 8 and RT-based devices face another round of patches. Server-based versions of the browser are rated "moderate," but should still be patched sooner rather than later.

Last month, Microsoft pulled a number of Patch Tuesday updates after server-based Active Directory Federation Services (ADFS) stopped working. The patches were withdrawn after Windows Server 2008 and 2012 users complained.

Microsoft is also expected to issue a number of non-security related fixes to its Surface Pro and Surface RT tablets.

The security fixes will be released on September 10 through the usual update channels, such as Windows and Microsoft Update.

Correction at 1:30 p.m. ET: Updated end-of-support for Windows XP.

Topics: Security, Browser, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

7 comments
Log in or register to join the discussion
  • End-of-Support Correction

    Microsoft lists Windows XP and Office 2003 at end-of-support in April 2014. Windows Server 2003 reaches end-of-support in July 2015. Thanks.
    peter@...
    • Tweaked

      Thanks!
      zwhittaker
    • safer xp

      After the support date is reached, it's safer to run XP in a VM such as in Virtualbox with no internet connection. Or use a software software such as Aikotech ThinServer to run it remotely with no internet connection
      ThinkFairer8
  • In all, there are eight remote code execution flaw

    How can the title say "Patch Tuesday to fix four critical flaws in Windows, IE, Office", yet the says "In all, there are eight remote code execution flaws, which can allow hackers to gain access to, or take control of an affected system without user prompts or permission. "? I would consider any "flaw", that "can allow hackers to gain access to, or take control of an affected system without user prompts or permission.", as highly critical, regardless of the OS. I call this sloppy reporting, or in ZDNet's case blogging.
    Troll Hunter J
  • One more that was pulled...

    MS13-063/KB 2859537 was also pulled from auto-update after folks were complaining of BSOD's (including yours truly). The KB article indicates that they are still looking at it, though don't believe there have been any updates since the original statement was issued.
    DavePi
    • MS13-063 looks like a "privilege escalation" vulnerability.

      And an unpatched one at that, seeing as the patch has been pulled. Good thing there are no "remote execution" bugs to combine it with.

      Oh, wait... ;-)
      Zogg
  • Word 2010 Starter

    After the 9-10 update, my computer says I no longer have Word Starter 2010. Thanks Microsoft.
    dwbaz