Microsoft to roll out two critical security bug fixes
The Office, IE and Windows updates will be patched in the monthly Patch Tuesday fix
Microsoft will be rolling out seven updates in its Patch Tuesday fix, with two critical and five important.
The first three bulletins will fix vulnerabilities in Windows, IE, Office and Lync.
Last month, Microsoft was criticised for failing to fix the security hole, discovered in October 2013, at HP's Zero Day Initiative. The ZDI publicly discloses any patch that goes unfixed for six months as a matter of public interest.
Bulletin 2 of Microsoft's Patch Tuesday update fixes problems in Windows, Office and Lync while Bulletin 3 addresses remote access possibilities in Office.
This Patch Tuesday update will also include fixes that address Information disclosure in Windows and Lync Server (patches 4 and 5), denial of service attacks in Microsoft Windows (bulletin 6) and tampering in the Microsoft Windows system (bulletin 7).
This final patch doesn't appear very often in Windows' Patch Tuesday updates, but it allows remote hackers to make a security-related change that should activate security systems, but doesn't, such as installing an unsigned malware addition to digitally signed software or giving the impression of a signed website that is actually a rip-off of an existing certificate.
All seven patches may require a computer restart, with Windows XP the only system not needing to be reset, with bulletins 1, 2 and 6 all specifying you will need to restart in order for the patch to take effect, across all operating system versions.
Accelerating AI modernisation with data infrastructure
Generate business value from your AI initiativesFree Download
Recommendations for managing AI risks
Integrate your external AI tool findings into your broader security programsFree Download
Modernise your legacy databases in the cloud
An introduction to cloud databasesFree Download
Powering through to innovation
IT agility drive digital transformationFree Download