patch

Microsoft plugged 40 holes with 17 patches today and said it will improve the security of Office 2003 and Office 2007 by adding a feature to the older versions of its productivity software that opens files in Protected View.

Customers should focus on the two critical bulletins that are part of Microsoft's monthly Patch Tuesday security update, says Jerry Bryant, group manager for response communications in Microsoft's Trustworthy Computing Group. The first is MS10-090, a cumulative update for Internet Explorer. It fixes seven vulnerabilities in the browser and affects IE 6, 7 and 8. There have been attacks … Read more

Microsoft said today that next week's Patch Tuesday will bring 17 updates plugging 40 holes and featuring two rated "critical," including one in Internet Explorer that was targeted in attacks last month.

The critical IE vulnerability was written for IE 6 and 7 but IE 8 is also vulnerable, Microsoft said when it issued a warning about it in November.

Also fixed on Tuesday will be the final of four holes in Windows that the Stuxnet malware used.

"This is a local Elevation of Privilege vulnerability and we've seen no evidence of its use in … Read more

The latest beta of Microsoft's upcoming Internet Explorer 9 browser has two new fixes out that the company says will improve stability, as well as squash a feedback bug some users had been experiencing.

The stability fix, which rolled out as an automatic update to IE9 beta users mid-day yesterday, should address some of the issues users have had with the browser crashing. Microsoft did not go into detail on if this was tied to any specific usage behavior, or any add-ons, just that it "improves the reliability of Internet Explorer 9 Beta in various scenarios."

The … Read more

Microsoft issued three security bulletins today fixing 11 holes, including one rated "critical" that could be used by an attacker to send a malicious e-mail that is previewed only or opened by default in Word.

The priority update, MS10-087, resolves five issues affecting all currently supported Microsoft Office products. The bulletin is rated "critical" for Office 2007 and Office 2010 "due to a preview pane vector in Outlook that could trigger the vulnerability when a customer views a specially crafted malicious RTF (Rich Text Format) file," a Microsoft Security Response Center blog post said. … Read more

Microsoft says it will release three security updates on Patch Tuesday next week, fixing 11 vulnerabilities in Microsoft Office and its Unified Access Gateway virtual private networking software.

One of the bulletins has a "critical" severity rating and the other two are rated "important," Microsoft said today in a Microsoft Security Response Center blog post.

In addition to Microsoft Forefront Unified Access Gateway, affected software includes Office XP Service Pack 3, Office 2003 Service Pack 3, Office 2007 Service Pack 2, Office for Mac 2011, and the 32-bit and 64-bit editions of Office 2010, according to … Read more

Plugged security holes and stability fixes come to fans of the Opera browser as its Norwegian publisher released version 10.63 on Tuesday.

Available for Windows, Mac, and Linux, Opera 10.63 patches numerous problems that could have posed security risks, including a cross-domain check bypass that allowed data theft, a site address spoof, a reload and redirect problem that also could've allowed spoofing and cross-site scripting, a problem reported by Microsoft that allowed private video streams to be intercepted, and a flaw that caused JavaScript to run in the wrong security context after manual interaction.

Other problems that … Read more

In a record Patch Tuesday, Microsoft released updates today for Windows, Internet Explorer, and the .NET framework that feature fixes for 49 holes, including one being exploited by the Stuxnet worm.

Microsoft recently fixed two of the four unpatched holes being used by Stuxnet to spread to Windows-based machines. The malware ultimately targets systems running software from Siemens that is used in critical infrastructure operations. Today's release plugs one (MS10-073) of the remaining two holes and the company said in a blog post that the final hole will be addressed in an upcoming security bulletin.

Meanwhile, Microsoft provided a … Read more

Microsoft will fix a record 49 vulnerabilities in its Patch Tuesday release next week that will involve 16 security bulletins affecting Windows, Internet Explorer, Office, and the .NET framework.

Four of the bulletins carry a "critical" rating, 10 are rated "important," and two are "moderate," according to the advisory.

They affect specifically Windows XP, Vista, Windows 7, Windows Server 2003 and 2008, Microsoft Office XP Service Pack 3, Office 2003 Service Pack 3, Office 2007 Service Pack 2, Office 2010, Office 2004 for Mac and 2008 for Mac, Windows SharePoint Services 3.0, SharePoint … Read more

As expected, Adobe released updates for Reader and Acrobat today that fix 23 holes in the popular PDF-viewing programs, including two that are actively being exploited in attacks that could allow someone to take control of the computer.

One of the critical vulnerabilities is being used in attacks against Reader and Acrobat; the other, fixed in an emergency update late last month, targets Flash Player.

The updates affect Adobe Reader 9.3.4 for Windows, Macintosh, and Unix; Adobe Acrobat 9.3.4 for Windows and Macintosh; and Adobe Reader 8.2.4 and Acrobat 8.2.4 for Windows … Read more