Microsoft Patches 8 Critical Security Flaws
The second largest patch Tuesday has arrived, with Microsoft issuing fixes for 8 critical security flaws, and a host of other non-criticals, in a number of their products. Today’s set of patches offered the greatest number since February 2005, and is the second largest overall.
Out of the eight critical fixes, 2 resolve Internet Explorer vulnerabilities, 1 is for Windows Media Player, 2 are for the Windows operating system itself, 1 is for Word and 1 is for PowerPoint. The Word patch reconciles a major security issue regarding a highly-publicized zero-day exploit, which has already used in conjunction with a number of attacks. The vulnerability can be exploited after a user opens a specially crafted Word file with a malformed object pointer, allowing for code execution.
There is also a cumulative patch for Internet Explorer, which fixes five code execution vulnerabilities, a spoofing flaw, and an issue that could pose both an information disclosure or spoofing risk. Modifications to the way that Internet Explorer handles ActiveX controls is also included in the IE cumulative update.
It is highly recommended that all organizations take the necessary steps required in order to install these patches, especially considering the critical exploits that they resolve.