Number: IRCNE2013061866
Date: 2013/06/07
According to “computerworld”, Microsoft today said it will ship just five security updates next week, the fewest in any month so far this year, to patch 23 vulnerabilities in Internet Explorer (IE), Windows and Office.
The update for Office will address a bug that is now being exploited by hackers, a researcher claimed.The exploits have been distributed in malicious files sent to potential victims via email, Henry added.
According to the advanced notice Microsoft published Thursday, Office will be patched by Bulletin 5. Bulletin 5 will update Office 2003, the 10-year-old version that gets its retirement papers in April 2014.
"You don't need to wait until Tuesday to set your priorities," Storms said. "It's obviously [the] IE [update] at the top of the list."
Bulletin 1 will patch all supported versions of IE, ranging from the 12-year-old IE6 to 2012's IE10. Bulletin 1 was the only one pegged as critical. Henry said Bulletin 1 will patch 19 of the 23 vulnerabilities scheduled to be addressed next week in the five updates.
"If left unpatched, this vulnerability can cause remote code execution, which implies that an attacker can take control of the victim computer if the victim browses to a malformed website using IE," explained Amol Sarwate, director or Qualys' vulnerability lab, in an email. "Since the browser is a window to the Internet, IE users should apply this patch as soon as it is released."
The other three updates -- like Bulletin 5, labeled "important" by Microsoft -- affect Windows. Two of the three, however, are unusual in that while they don't affect Windows XP, the oldest of the client OSes, they will fix flaws in Windows 7, Windows 8 and Windows RT.
Microsoft will release next week's security updates on June 11 around 1 p.m. ET.
- 3