News

Microsoft Patch Tuesday brings fixes to Office, Windows

Toni Boger, Assistant Site Editor, and Jeremy Stanley, Associate Site Editor

The first Patch Tuesday of 2014 is a light beginning to the year with four important and no critical bulletins.

One important security update addresses three vulnerabilities in multiple editions of Microsoft Office

Requires Free Membership to View

as well as Office Web Apps on multiple versions of SharePoint. These vulnerabilities could be exploited if a malicious file is opened in Microsoft Word or other affected Office software. Attackers could gain the same user rights as the person who currently uses the programs.

Because it's on widely used software and a commonly exploited vulnerability, admins should patch this first, said Amol Sarwate, director of IT security firm Qualys Inc.'s vulnerability labs, based in Redwood Shores, Calif.

MS14-002 addresses a vulnerability in Windows that could be exploited if an attacker gains access to a system and runs a malicious application. This security update ties into Windows XP as one of the last times Microsoft will offer support for the system, which ends in April.

The other important bulletins address vulnerabilities in Windows kernel-mode drivers and Microsoft Dynamics AX. The complete list of this month's security updates can be found here.

Oracle Corp. sent out a number of patches this week including for its Outside In library, which may serve as a clue as to what to expect in the coming months for Microsoft patches.

"I'm sure we'd see an Exchange patch because of [Outside In]" in February or March, said Wolfgang Kandek, chief technology officer of Qualys.

This month's Patch Tuesday security updates are a major departure from the Patch Tuesday trends seen in 2012 and 2013. The last Patch Tuesday of 2013 included security updates for vulnerabilities that appeared more than once during the year, including Internet Explorer and the Outside In library, and the year ended with a total of 106 bulletins.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: