Microsoft to roll out two critical security bug fixes

The Office, IE and Windows updates will be patched in the monthly Patch Tuesday fix

Patch Tuesday

Microsoft will be rolling out seven updates in its Patch Tuesday fix, with two critical and five important.

The first three bulletins will fix vulnerabilities in Windows, IE, Office and Lync.

The first patch will fix a vulnerability, known as CVE-2014-1770 in Internet Explorer 8. The vulnerability allows hackers to access Internet Explorer remotely using an arbitrary JavaScript code execution if the user visit a malicious website or downloads an untrusted file.

Last month, Microsoft was criticised for failing to fix the security hole, discovered in October 2013, at HP's Zero Day Initiative. The ZDI publicly discloses any patch that goes unfixed for six months as a matter of public interest.

Bulletin 2 of Microsoft's Patch Tuesday update fixes problems in Windows, Office and Lync while Bulletin 3 addresses remote access possibilities in Office.

This Patch Tuesday update will also include fixes that address Information disclosure in Windows and Lync Server (patches 4 and 5), denial of service attacks in Microsoft Windows (bulletin 6) and tampering in the Microsoft Windows system (bulletin 7).

This final patch doesn't appear very often in Windows' Patch Tuesday updates, but it allows remote hackers to make a security-related change that should activate security systems, but doesn't, such as installing an unsigned malware addition to digitally signed software or giving the impression of a signed website that is actually a rip-off of an existing certificate.

All seven patches may require a computer restart, with Windows XP the only system not needing to be reset, with bulletins 1, 2 and 6 all specifying you will need to restart in order for the patch to take effect, across all operating system versions.

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

Businesses brace for second 'Fujiwhara effect' of 2020 as Patch Tuesday looms
vulnerability

Businesses brace for second 'Fujiwhara effect' of 2020 as Patch Tuesday looms

9 Apr 2020

Most Popular

Do smart devices make us less intelligent?
artificial intelligence (AI)

Do smart devices make us less intelligent?

19 Oct 2020
Politicians need to stop talking about technology
Policy & legislation

Politicians need to stop talking about technology

21 Oct 2020
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020