Microsoft Only Fixing 15 Bugs In Next Patch Tuesday

Microsoft plans to patch 15 vulnerabilities in Microsoft Windows, Office and Server software as part of the September Patch Tuesday release.

Microsoft will release five security bulletins, all of which are rated “important”, according to the Microsoft Security Bulletin Advance Notification. The fact that none of the patches were rated “critical” is unusual.

Microsoft defines patches as “important” if the bugs require some kind of user-intervention to execute the malicious payload, such as tricking the user into visiting a malicious Website and downloading malware.

Patches Should Be Applied Quickly

The September release is fairly light and a welcome change from the last few months in which Microsoft issued an average of more than 10 bulletins. In August, Microsoft issued patches for 22 vulnerabilities in 13 bulletins.

Even though none of the September vulnerabilities are rated critical, administrators should still quickly deploy the patches, Paul Henry, a security and forensic analyst for Lumension, told eWEEK.

Organisations can “gain a false sense of security” during light months and sometimes adopt “an attitude of complacency” towards vulnerabilities if they are not rated as critical, Marcus Carey, a security researcher at Rapid 7, told eWEEK. Many organisations allow IT departments to take up to three months to patch “important” vulnerabilities, he said.

Attackers may not be able to gain full root privileges over target machines through “important” vulnerabilities, but they can exploit the bugs to get in the door, according to Carey. After the initial compromise, attackers can use other vulnerabilities they find to escalate privileges to essentially wind up with the same result, he added.

The bulletins all addressed elevation of privilege and remote code execution vulnerabilities and may require a restart. Administrators should prioritise the remote code execution patches over the privilege escalation ones, according to security experts.

According to the preview announcement, two bulletins address operating system issues, and include both 32-bit and 64-bit versions of Windows XP, Windows Server 2003, 2008, and 2008 R2,Vistaand Windows 7. Two bulletins fix bugs in Microsoft Office 2003, 2007 and 2010, Microsoft Office 2004, 2008 and 2011 for Mac, Microsoft Office Groove, SharePoint Workspace 2010 and the Excel Viewer. The final bulletin is for SharePoint flaws.

Light Tuesday Timely

The light patching load is good news for IT administrators as it frees up time to address the potentially compromised digital certificates after the DigiNotar breach, according to Henry. “Many IT professionals are already busy dealing with replacing their server certificates and also updating user browser/OS software to revoke trust in compromised certificates so this Patch Tuesday is a welcome break,” Henry said.

Microsoft updated all supported versions of the Windows operating system earlier this week to revoke all five DigiNotar root certificates. With the update, Internet Explorer would automatically block sites claiming certificates from the compromised Dutch certificate authority.

While the changes have updated immediately, the company delayed the change for its Dutch customers by a week to give them a chance to obtain new SSL certificates from trusted sources. The update will arrive for Dutch customers on the same day as Patch Tuesday, Microsoft said.

Microsoft is scheduled to distribute the September Patch Tuesday updates on 13 September.

Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.

Share
Published by
Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.

Recent Posts

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, to help it restructure…

10 mins ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

15 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

18 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

19 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

20 hours ago