Microsoft to roll out two critical security bug fixes
The Office, IE and Windows updates will be patched in the monthly Patch Tuesday fix
Microsoft will be rolling out seven updates in its Patch Tuesday fix, with two critical and five important.
The first three bulletins will fix vulnerabilities in Windows, IE, Office and Lync.
The first patch will fix a vulnerability, known as CVE-2014-1770 in Internet Explorer 8. The vulnerability allows hackers to access Internet Explorer remotely using an arbitrary JavaScript code execution if the user visit a malicious website or downloads an untrusted file.
Last month, Microsoft was criticised for failing to fix the security hole, discovered in October 2013, at HP's Zero Day Initiative. The ZDI publicly discloses any patch that goes unfixed for six months as a matter of public interest.
Bulletin 2 of Microsoft's Patch Tuesday update fixes problems in Windows, Office and Lync while Bulletin 3 addresses remote access possibilities in Office.
This Patch Tuesday update will also include fixes that address Information disclosure in Windows and Lync Server (patches 4 and 5), denial of service attacks in Microsoft Windows (bulletin 6) and tampering in the Microsoft Windows system (bulletin 7).
This final patch doesn't appear very often in Windows' Patch Tuesday updates, but it allows remote hackers to make a security-related change that should activate security systems, but doesn't, such as installing an unsigned malware addition to digitally signed software or giving the impression of a signed website that is actually a rip-off of an existing certificate.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
All seven patches may require a computer restart, with Windows XP the only system not needing to be reset, with bulletins 1, 2 and 6 all specifying you will need to restart in order for the patch to take effect, across all operating system versions.

Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.
Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.
As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.
-
Balance phone reviewReviews Blocks on social media, streaming, and infinite scrolling through a stylish user interface that sits on top of Android
-
Zoom exec on making sure we lead the change we want to seeIn-deoth “Some people think diversity is the responsibility of people and HR teams. And it's not.”
-
OpenAI expands 'Daybreak' cyber program: New tools, partnerships, and a cyber-focused GPT-5.5 aim to help 'patch the world'News The company has added new tools, signed up partners, and released its GPT-5.5-Cyber model more widely
-
AI is shrinking attack windows, and it’s forcing a complete rethink of cyber resilience – here’s how organizations can prepareNews Commvault has urged companies to improve their business continuity and resilience plans in the face of flaws spotted by AI
-
Anthropic targets vulnerability detection gains with Claude Security public beta — here's what users can expectNews The Claude Mythos developer is aiming for a more limited approach to cyber tooling for public consumption
-
Researchers warn millions of RDP and VNC servers are wide open to exploitationNews Researchers at Forescout spotted millions of RDP and VNC servers exposed online
-
Brace yourselves for a vulnerability explosion, Forescout warnsNews AI advances are helping identify software flaws at record pace and scale, but that's not the good news some would think
-
Ubuntu vulnerability exposes enterprises to root escalation, complete system compromiseNews The high-severity Ubuntu vulnerability allows an unprivileged local attacker to escalate privileges through the interaction of two standard system components
-
Security agencies issue warning over critical Cisco Catalyst SD-WAN vulnerabilityNews Threat actors have been exploiting the vulnerability to achieve root access since 2023
-
Millions of developers could be impacted by flaws in Visual Studio Code extensions – here's what you need to know and how to protect yourselfNews The VS Code vulnerabilities highlight broader IDE security risks, said OX Security