We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Microsoft readies massive Word, IE and ActiveX security patches

Next week's going to be very busy...

Windows administrators are going to be busy next week, as Microsoft plans to release a whopping 12 security patches for its products. The updates will include a fix for a widely reported vulnerability in Microsoft Word, as well as changes to the way Internet Explorer (IE) handles ActiveX that might cause headaches for some.

Nine of the patches will address vulnerabilities in the Windows operating system, some of which Microsoft rates critical. There will also be one "Important" fix for Microsoft Exchange, and two patches for Microsoft Office, including software that repairs the Word bug.

Last month hackers began emailing the Word malware to a handful of victims -- mostly within government agencies or contractors - in a series of extremely targeted attacks, said Johannes Ullrich, chief research officer at the SANS Institute.

But as knowledge of the Word flaw has spread, researchers like Ullrich fear that it may be used in a more widespread attack. The vulnerability can be exploited to run unauthorized software on PCs, although users must first be first tricked into opening a maliciously encoded Word document.

Unavoidable changes

Microsoft also plans to finalize changes to the way IE processes dynamic content using ActiveX. Microsoft is changing the way IE works in response to a 2003 patent lawsuit loss to the University of California and Eolas Technologies.

The changes will force developers to reprogram parts of their Web sites and intranets. Otherwise, IE will force users to click on a pop-up "tool tip" dialog box before being able to interact with things like Flash or QuickTime.

Microsoft has actually been rolling these changes into IE for months, but has offered users a "compatibility patch" that allowed IE to work on Web sites that had not been reprogrammed. With Tuesday's updates, though, there will be no way to avoid the ActiveX changes.

The biggest headache, however, will come from the sheer number of updates being released Tuesday, said Susan Bradley, chief technology officer with Tamiyasu, Smith, Horn and Braun, Accountancy Corp.

Complicating matters is the fact that these patches will be released in the middle of Microsoft's Tech-Ed user conference. "I'll be at Tech-Ed in Boston and deciding if I remotely patch over the weekend or not," Bradley said via email.


IDG UK Sites

Nexus 6 vs Sony Xperia Z3 comparison: Lollipop phablet takes on KitKat flagship smartphone

IDG UK Sites

Why people aren't upgrading to iOS 8: new features are for power users, not the average Joe

IDG UK Sites

Free rocket & space sounds: NASA launches archive of interstellar audio on SoundCloud

IDG UK Sites

iPad Air 2 review: Insanely fast and alarmingly thin. Speed tests, camera tests, beautiful...