Microsoft originally gave everyone just five weeks to put Windows 8.1 Update in place, but quickly backed off under pressure from corporate customers. However, none of next week's nine updates will reach devices running Windows 8.1 unless they've been upgraded to Windows 8.1 Update, the mandated collection Microsoft released in mid-April. Seven of the scheduled updates were tagged "important," the threat rating immediately below critical, and will affect some or all versions of Windows OneNote 2007 Service Pack 3 (SP3) SQL Server 2008, 2008 R2, 20 Windows Media Center TV Pack for Windows Vista and SharePoint Server 2013. "This points to an issue either in an authentication mechanism, or a service that might be listening remotely," Barrett contended. Ross Barrett, senior manager of security engineering at Rapid7, pegged the Windows update, designated "Bulletin 2" by Microsoft, as "more interesting" than the IE fixes. The second critical update will patch one or more remote code executable vulnerabilities in Windows 7, Windows 8 and Windows 8.1, which collectively power nearly 70% of all in-use Windows PCs. The bulk of the May and June IE updates comprised memory corruption bug fixes. "I expect we will see over 10 vulnerabilities, mostly relating to memory corruption, being resolved in this ," said Chris Goettl, product manager for patch-management vendor Shavlik, also in a Thursday email. "First on our radar this month is an update for IE," said Russ Ernst, direct of product management for Lumension, in an email today. Security experts recommended customers apply the IE update before any others because of the browser's widespread use, particularly in the workplace, and also because it is often the target of choice for cyber criminals trying to plant malware on PCs. Microsoft did not reveal the exact number of individual patches in this month's IE bulletin. In May, it patched 60 vulnerabilities in the browser, while June's update fixed 24, both above-average tallies for an IE security update. Microsoft has been on an IE patching tear of late. ![]() Microsoft revealed the plug-in blocking in a separate announcement yesterday. ![]() Also in the mix for next week's "Patch Tuesday" but not called out in today's advanced notification, will be changes to IE8, IE9, IE10 and IE11: After the update, those browsers will block all outdated versions of the Java ActiveX control, or plug-in.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |