Microsoft has prepared seven bulletins for Patch Tuesday this month, four ranked critical and another three rated important, covering a handful of flaws.
Three of the vulnerabilities could allow an attacker to execute code remotely on a target machine, while two could let hackers elevate privileges to take control of a system.
“It is puzzling to see such a high rating for this software that typically requires opening of an infected file in order for the attack to work. It will be interesting to see the attack vector for this vulnerability that warrants the ‘critical’ rating,” said Wolfgang Kandek, CTO at Qualys.
The other important updates relate to OneNote, Office 2010 for Mac, and the Windows OS.
Google and Mozilla have already pushed out patches preventing exploits shown to have breached the Chrome and Firefox browsers at PWN2OWN.
Microsoft’s Internet Explorer 10 browser was broken in the competition, but it is unclear when the tech giant will cover the security hole penetrated by French exploit seller VUPEN. In the past, VUPEN has been reluctant to share details of its research with vendors, choosing to keep them for customers only.
At the time of publication neither Microsoft nor VUPEN had responded to a request for comment.
Are you a security expert? Try our quiz!
German foreign minister warns Russia will face consequences for “absolutely intolerable” cyberattack on ruling party,…
Google is reportedly laying off at least 200 staff from its “Core” organisation, including key…
Investor appeasement? Apple unveils huge $110 billion share buyback program, as sales of iPhone decline…
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…