Microsoft plans to release eight security bulletins next week as part of its Patch Tuesday release.
According to its Security Bulletin Advanced Notification, the company has two ‘critical’ bulletins on tap for next week, affecting Microsoft Server Software, Productivity Software, Windows and Internet Explorer. The remaining six bulletins are classified as ‘important’.
“The busy month comes just one-week after the out-of-band patch for IE, MS14-021, released by Microsoft May 1,” said Russ Ernst, director, product management at Lumension. “Interestingly, a critical fix for IE is first on the advance notification list this month too. The bad guys continue to wage war on what remains one of the most popular browsers so, for organizations that rely on it, IT needs to patch monthly, at a minimum.”
SharePoint users will want to pay close attention to the second critical bulletin, which impacts 2007, 2010 and 2013 and Microsoft Web Apps, he said.
Qualys CTO Wolfgang Kandek blogged that the second bulletin allows for remote code execution, and should be high on an organization’s patch list in particular if any of the affected platforms are exposed to the Internet.
“The remaining bulletins,” Ernst noted, “are rated important and impact a wide-range of software categories. Bulletin 3 is a possible remote code execution that hits Office; bulletin 4 is for most versions of Windows. Windows and the .NET framework are covered off in bulletin 5 with an elevation of privilege issue. The sixth and seventh bulletins impact most versions of Windows with elevation of privilege and denial of service issues respectively. The last bulletin addresses a security feature bypass issue in Office.”
In addition to the Microsoft advisory, Adobe Systems statedit plans to release updates for Adobe Reader and Acrobat XI (11.0.06) and earlier for Windows and Macintosh next week. Both the Microsoft and Adobe updates will be released May 13.
Earlier this month, Microsoft released an out-of-band patch to fix a critical Internet Explorer vulnerability that had come under attack.
Tweet
Brian Prince is a Contributing Writer for SecurityWeek.Previous Columns by Brian Prince:Shadow IT Risk Highlighted in Security ReportMicrosoft Plans to Release 8 Security Bulletins for May Patch TuesdayVulnerability Disclosures Increased in Second Half of 2013: MicrosoftWindows Authentication Protocol Allows Deactivated User Accounts to Live On: ReportAPT Attacks Can Be Launched Using Basic Skills: Imperva
sponsored links
Tags: NEWS INDUSTRY
Vulnerabilities
