It Must Be Tuesday Again

Because Microsoft comes bearing gifts.

Patch Tuesday: Critical security holes in Microsoft Office

Microsoft has shipped a patch for to fix several critical security holes affecting its Office productivity suite and warned that hackers can use RTF (Rich Text Format) e-mails to launch code execution attacks.

The MS10-087 bulletin, which is considered a high-priority update, patches a total of 5 documented vulnerabilities affecting all currently supported Microsoft Office products.

It is rated critical for Office 2007 and Office 2010 because of a preview pane vector in Microsoft Outlook that could trigger the vulnerability when a customer views a specially crafted malicious RTF file, the company explained.

The update also patches the DLL load hijacking attack vector that haunted multiple Windows applications, including Microsoft’ own Office software.

Microsoft urges Office users to consider this a “top priority bulletin” and warned that reliable exploit code is likely within the next 30 days.

As part of the November Patch Tuesday release, the company also patched a pair of security flaws in Microsoft PowerPoint and four documented flaws in Unified Access Gateway (UAG), which is a component of Microsoft Forefront.

See also:
Microsoft Security Bulletin MS10-087 – Critical
Microsoft Office Takes Center Stage for Patch Tuesday
Small, But Serious Patch Tuesday
Microsoft Patch Tuesday: Updates for Office and Forefront
Microsoft patches critical Outlook drive-by bug
Microsoft plugs hole related to Word-launched e-mails
Microsoft Patch Tuesday Update Will Not Fix IE Flaw
IE zero-day vulnerability not part of light Patch Tuesday
Microsoft tiny Patch Tuesday has no IE fix
Microsoft’s Patch Tuesday for November does not include a fix for a zero-day flaw in Internet Explorer
Windows Update

Well, apparently Microsoft didn’t quite get to fixing everything that’s wrong with their software this time around, but you had better install the patch anyway.

/so, until next time, and you know there will be a next time . . .

Okay Kids, It’s Tuesday, Remember What We Do On Tuesdays?

Why, we patch Windows on Tuesdays!

Microsoft Issues Four Patches, Fixes Critical Help Center Flaw

Microsoft (NSDQ:MSFT) released a mild bulletin for its July Patch Tuesday, repairing a total of five vulnerabilities with four security updates in Windows and Office, including a critical Help and Support Center flaw already exploited in the wild.

Of the four patches Microsoft released, three are considered critical, indicating that they can enable hackers to launch malicious attacks via remote code execution. The three critical flaws occur in both Microsoft Windows and Office, which included flaws in the Microsoft Help and Support Center, ActiveX and Canonical Display Driver. The fourth patch, ranked with the slightly less severe rating of “important,” occurs in Microsoft Outlook.

Hands down, security experts recommend that users apply a patch repairing a critical Help and Support Center flaw in Windows XP and supported editions of Windows Server 2003, which is currently being exploited in active attacks.

See also:
Microsoft security updates for July 2010
It’s Microsoft Patch Tuesday: July 2010
Microsoft Patch Tuesday for July 2010: four bulletins
Microsoft Issues Four Security Bulletins
Microsoft patches critical bugs in Windows, Office
Microsoft Patches Critical Security Holes, Ends Windows XP SP2 Support
One final patch for Windows XP Service Pack 2 before it reaches end-of-life
Microsoft Patches Windows, Office Bugs

You all know the drill for fixing this magnificent Bill Gates software.

/so, load ’em down, patch ’em up, patch ’em up, shut ’em down, boot ’em up, ride ’em on, Windows!