Microsoft is expected to release a security patch to address a Critical vulnerability

whoosh

whoosh

Cooler King
Staff member
Premium Supporter
Joined
Apr 15, 2009
Location
England
Link Removed - Invalid URL

Microsoft is expected to release a security patch to address a Critical vulnerability in IE8. For December, Microsoft is planning to release six new security bulletins that are expected different vulnerabilities in several Windows products. Some of the vulnerabilities are in Windows7, some in Internet Explorer 8, and some in Microsoft Office Products. On the office side the vulnerabilities affect Project, Word, and Worlks 8.5.
Microsoft Security Response Center



There is a range to the bulletins including three that are Critical and three that are considered Important. The Microsoft Security Bulletin Summary for December 2009 outlines these vulnerabilities:
  • Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution
  • Vulnerability in Microsoft Office Project Could Allow Remote Code Execution
  • Cumulative Security Update for Internet Explore
  • Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution
  • Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service
  • Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution
Link Removed - Invalid URL Vulnerability Table

Proof of Concept for the security flaws was released to the public recently, which prompted Microsoft’s response. In computer security the term proof of conceptis often used as a synonym for a zero-day exploit which, mainly for its early creation, does not take full advantage of some vulnerability. The zero-day, the day of release, means that the item in question, in this case the software IE8 has a weakness that has not been fully exploited. But for Microsoft the weakness will be addressed in the patch upgrade.
Link Removed - Invalid URL Vulnerability Table Windows 7

According to a Microsoft Spokesman, Jerry Bryant, security program manager, â€Â￾ The IE update maps to bulletin number 4 in the Link Removed due to 404 Error and will be at the top of our deployment priority list. The other critical update affecting Windows (bulletin number 1) will have a lower Exploitability Index rating, so while the impact is higher with a critical severity rating, the lower risk will drop the deployment priority down a little. The final critical update affecting Microsoft Project (bulletin number 3), is only critical for Project 2000. The other affected versions are important. That coupled with a lower Exploitability Index will also drive it down on the deployment priority list. Customers have asked us to map the numbered bulletins in the Link Removed due to 404 Error to the final bulletin ID’s after release so we will be doing that in the blog post here on Tuesday.â€Â￾
The vulnerability table for Server 2008
Link Removed - Invalid URL Vulnerability Table: Server 2008

The Office Suite Vulnerability Table:
Link Removed - Invalid URL Vulnerability Table: Office Suite
 
You must log in or register to reply here.

Similar threads

whoosh
NEWS Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
Replies
0
Views
621
whoosh
whoosh
News
Inspired by challenges in your workday: latest innovations and updates from Microsoft Edge
Replies
0
Views
1K
News
News
News
Announcing Windows 11 Insider Preview Build 25236
Replies
1
Views
2K
daopa
D
News
Remote work challenges inspire Windows 11 updates to increase productivity and lessen distractions
Replies
0
Views
2K
News
News
News
Available today: The Windows 11 2022 Update
Replies
0
Views
1K
News
News
Back
Top Bottom