Microsoft to patch 10 bugs next week

Critical IE8 flaw among those being fixed

Microsoft has revealed it will offer 10 updates when it releases its monthly security update next week.

"We're back to a normal load," said Andrew Storms, director of security operations at nCircle Network Security.

"Some may think of it as pretty big, but really, for anyone who's dealt with Patch Tuesday for the last five years, it's what we should be expecting."

Last month, Microsoft issued just one security update, a 14-patch fix for PowerPoint.

Of the 10 updates, six will affect Windows, and one each will patch problems in Internet Explorer (IE), Word, Excel and Microsoft Office. Six of the 10 were marked 'critical', Microsoft's highest threat ranking, while three were judged 'moderate' and one as 'important'.

"The red flag is going to be [the] IE [update]," said Storms. "It's critical, it's on all versions [of Windows], and it's even critical in Vista for IE7 and IE8."

IE8 is Microsoft's most security-conscious browser yet. Next week's update will provide the first-ever production patches for IE8.

Storms also pointed out that it looks like Microsoft won't protect Mac users this month.

"We don't have the PowerPoint for the Mac patches," he said after reviewing the advance notice. Last month, Microsoft took the unusual step of patching the Windows versions of PowerPoint, but not the Mac editions, saying that it didn't want to postpone the update to await Mac fixes.

Attackers had been exploiting the PowerPoint bug in Windows since at least early April. "[But] none of the exploit samples we have analysed will reliably exploit the Mac version, so we didn't want to hold the Windows security update while we wait for Mac packages," Jonathan Ness, an engineer at the Microsoft Security Response Center, explained.

However, Swa Frantzen, an analyst at SANS Institute's Internet Storm Center (ISC), said Microsoft was breaking its own rules about "responsible disclosure" by letting the Mac patches slide.

"We all know from past experience [that] the reverse engineering of patches back into exploits starts at the time - if not before - the patches are released," said Frantzen. "So in the end, Microsoft just released what hackers need to attack."

Other recently-acknowledged bugs may or may not get fixed next week, said Storms. He was pessimistic about Microsoft patching a problem in DirectX that the company confirmed only last week; the bug is actively being exploited by hackers, according to Microsoft.

"It's going to be an all-eyes forward on the IE update. That's the red flag for June," added Storms.

