Microsoft will release seven security bulletins for Windows and some programs this month, starting March 12. The Redmond giant has also posted an advance notification on its Security TechCenter. The security bulletins address issues (severities ranging from Critical to Important) affecting a host of the company's software.
The first bulletin will address a remote code execution vulnerability affecting Windows and Internet Explorer. The advance notification rates this vulnerability as critical and one that requires a restart. The second bulletin addresses a remote code execution vulnerability affecting Microsoft Silverlight. This vulnerability has also been rated critical, but does not require a restart. The third bulletin addresses a remote code execution vulnerability affecting Office, and has been rated as critical in terms of severity. The fourth security bulletin addresses a critical elevation of privilege vulnerability affecting both the Office and Server suites. The fifth and sixth security bulletins address an information disclosure vulnerability affecting Microsoft Office, and are rated as Important. The last bulletin again addresses an elevation of privilege vulnerability affecting Windows.
Microsoft has also listed security updates that users may need to install. It suggests that users should look up each program to check for any relevant security updates pertaining to that installation. Microsoft has also listed the severity rating of each security update. Its security patches are largely for Windows and its components, the Office suites, developer tools and software, and SharePoint. Users can find the details of all the security updates Microsoft has listed on the Security TechCenter.
Earlier this year, Microsoft released an emergency update for Internet Explorer after all the commotion about the security holes in Java. The update aimed to patch a security vulnerability in Internet Explorer that was being used for attacks on government contractors and other organisations.
The update will be automatically installed on infected machines that have automatic updates enabled, and fixes a “use after free” bug in Internet Explorer 6, 7 and 8, according to Ars Technica. The update was pushed out to counter an experienced gang of hackers who were exploiting the vulnerability.
The update for IE came on the heels of another update that fixed a remote code execution loophole in the same versions of Internet Explorer. Microsoft affirmed that it had added a link to the Microsoft Fix it solution, “MSHTML Shim Workaround”, that prevents this issue from being exploited.
What was worrying about the vulnerability was that once an attacker managed to successfully exploit it, they could obtain the same user rights as the current user. “Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” Microsoft's security advisory revealed.