Patch Tuesday To Fix Four ‘Critical’ Flaws

Microsoft is readying its Patch Tuesday update that will fix 13 vulnerabilities, including four that are rated critical.

Microsoft continues to roll out security fixes for its software, having readied 13 fixes in nine bulletins for September’s Patch Tuesday.

The bulletins are slated to address a total of 13 vulnerabilities. Four of the bulletins carry a rating of “critical,” Microsoft’s highest severity rating. Among those are fixes for remote code execution bugs in Microsoft Office and Windows.

The remaining five bulletins, all rated “important,” affect Windows and include both privilege escalation and remote execution issues.

DLL Hijacking

“I expect some of the bulletins to address DLL Hijacking issues in Microsoft’s own products, but it will be interesting to see if Microsoft will change its guidance for Hotfix KB2264107,” blogged Wolfgang Kandek, CTO of Qualys. “Currently it is only at the advisory level and users have to make an active decision to get protection against DLL Hijacking in 3rd party applications.

“As last month, Windows XP SP2 users do not have any patches supplied to them, even though the majority of updates for XP SP3 most likely apply to their discontinued version of the OS as well,” he added. “Windows XP SP2 users should upgrade to SP3 as quickly as possible.”

The bulletins are scheduled for release 14 September.