Microsoft “Patch Tuesday” to fix critical security flaws

By Graeme Burton
13 May 2014 View Comments
DDoS attack

Microsoft's latest "Patch Tuesday" will fix two critical security flaws - and six further bugs - in a total of five updates today.

However, none of the bugs will be addressed in Windows XP, which finally went out of support at the end of April, more than 12 years after it was first introduced. The security flaws will enable Windows XP - or any other unpatched Microsoft Windows system - to be exploited by remote code execution.

Further reading

One of the patches will address the critical flaw affecting all versions of the Internet Explorer web browser from IE6 to IE11. The other remote code execution flaw affects SharePoint Server 2007, 2010 and 2013, and will only be of interest to organisations rather than home users.

The third remote code execution security flaw, which is only deemed "important", not "critical", affects Microsoft Office versions 2007, 2010 and 2013. An attack exploiting the flaw would require a user to be persuaded to open an infected document.

"Attackers would use a document like that in a social engineering attack, which aims at convincing the user to open the document, for example by making it appear as coming from the user's HR department or promising information about a subject of interest to the user," wrote Wolfgang Kandek, chief technology officer of security specialists Qualys, in a blog posting.

The rest of the patches and bug fixes address vulnerabilities in Windows and the .NET Framework, a denial-of-service issue in Windows, and the final one addresses a security feature bypass in Microsoft Office.

At the same time, Adobe is preparing a new version of its Acrobat Reader software to address multiple security shortcomings in the PDF format, which has increasingly become an attack vector for hackers.

Reader comments
blog comments powered by Disqus
Newsletters
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

25 %
45 %
10 %
20 %