Microsoft to issue 8 updates, 3 critical, on Patch Tuesday
Summary: All supported versions of Microsoft Windows, Office and Internet Explorer are affected by at least one of the eight bulletins. Microsoft also clarified the impact of this week's disclosure of another vulnerability in Windows, Office and Lync.
This coming Tuesday, November 12, Microsoft will release eight updates for Microsoft Windows, Office and Internet Explorer to patch an as-yet unspecified number of vulnerabilities in them. Three of the updates, affecting Windows and Internet Explorer, are rated critical.
All supported versions of Windows, including the recently-released 8.1, are affected by at least one critical vulnerability. The one bulletin that affects Internet Explorer fixed a critical vulnerability in all versions of the browser, includng the brand new Internet Explorer 11. Three other Windows bulletins are rated Important.
Two other bulletins, both rated important, affect all supported versions of Microsoft Office.
Microsoft will also release their other usual monthly updates, including a new version of the Malicious Software Removal Tool and a large number of non-security updates.
Earlier this week Microsoft disclosed a vulnerability affecting some versions of Windows and Office and all versions of Microsoft Lync. The vulnerability is being used in zero-day attacks specifically against Office. The Patch Tuesday updates this month will not address this vulnerability.
Today Microsoft issued a clarification of the bulletin for that vulnerability. The main point of the clarification is that only some Office users are being attacked, not users of the other products who are not running an affected version of Office. The confusing nature of the product matrix comes from the confusing way in which GDI+, the affected component, is bundled with different products. If you are concerned about the vulnerability see the Microsoft bulletin for instructions on how to work around it until an update is ready from Microsoft.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Ill wait thanks
Lets face it, their last few patches have been pretty scrappy mate.
Larry, would you be to do a story about doping transistors on routers and switches (Ive been reading your threads for a while and they always seem to be the most level headed || logical posts on this site)?. Currently in Australia its speculation that is why the government inst going with one of the Chinese competitors.
doping transistors, etc
Thanks mate
link here
welivesecurity.com/2013/09/17/chemical-trojans-baked-into-circuits-could-offer-invisible-way-to-steal-secrets/
Doping transistors is not sabotage.
You may be thinking of "flashing" or "burning" malware into "read only" chips that make a computer or peripheral work (these chips CAN be written into, but not by normal memory access instruction, only by a pseudo-write function to an I/O device address).
update?
Do a little reading
The continued and increasingly frequent and/or more voluminous number of patches every month for all OS platforms should make it very clear that this is a very hard problem to solve.
Especially with Windows
Have you ever written complex software?
Just look at the Linux logs and the fact Linus wants the 4.0 Kernel release to be purely bug fixing, with no new features...
The biggest problem with software is that it is written by humans and humans are never perfect, therefore the products they generate are rarely perfect and the more complex those products are, the more imperfections they contain. In art it might be a sought after facet of the end product to see the imperfections, in software, especially business or internet facing software we don't want those imperfections, so we constantly fight to improve the products.
Complex software
I heard that Lotus 1-2-3 v2.2 (or was it 2.3) was bug-free... :-)
Bug free?
We had one set of worksheets that started doing random things! We tried tracing the macros and everything ran fine, but let the macros actually run, not single step, and it gave out random results. In the end we sent the worksheets to Lotus and their reaction was "wow, we never expected anybody to do anything that complex in 1-2-3!" They recommended that we remodel it in C++! :-D
Bug-free?
:-)
I guess none of us used macros to test it...
In the old IBM mainframe world, there was ONE program
So if a program THAT SIMPLE took two tries to get right, how many iterations would be needed to get a large, complex program perfectly correct)?
A secure OS
Secure your installed OS yourself
Aahh virtualization...
Of course, at least the illusion of software isolation and security makes you feel warm and fuzzy inside.. :)
Windows 7 & 8
I feel like you're
Leave the Jihad out of here please
Nothing new
Until everyone stops feeding the trolls they will continue. That won't happen because many of us can't stand to let a bald face lie go unanswered.