Microsoft rushes to fix two critical flaws

Patch Tuesday

Critical vulnerabilities in Internet Explorer and Sharepoint are to be fixed in Microsoft's Patch Tuesday.

The two critical updates cover flaws in IE7 and above as well as Sharepoint. The remaining six bulletins cover flaws marked as "important".

Three remote code execution vulnerabilities will be addressed; two of these are marked critical, meaning the flaws can be exploited by hackers without user interaction.

The remote code execution flaw affects Internet Explorer from version 6 to IE 11 on all Windows platforms, according to a notificationposted on Thursday. The other remote code execution bug affects SharePoint Server 2007, 2010 and 2013.

The third remote code execution bug, marked as important, affects Microsoft Office 2007, 2010 and 2013.

The remaining patches address elevation of privileges vulnerabilities in Windows and .NET Framework. Another fixes a denial-of-service problem in Windows. The final bulletin covers a security feature bypass in Microsoft Office.

Russ Ernst, director of product management at Lumension said in blog post that a critical fix for IE is first on the advance notification list this month too.

"The bad guys continue to wage war on what remains one of the most popular browsers so, for organisations that rely on it, IT needs to patch monthly, at a minimum," he said.

Rapid7 senior manager of security engineering Ross Barrettsaid the patching priority is definitely the two critical issues and should be a focus of remediation resources first.

"The omnipresent critical patch in IE is a close second in terms of importance, from the advance notice point of view," he said.

Microsoft was forced to issue an out-of-band patch for its browser in XP machines, after it said it would no longer support Windows XP.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.