Patch Tuesday fixes tackle IE, Office flaws

Microsoft issued patches across 14 bulletins for this month's Patch Tuesday update, including fixes for Windows and Office.

Administrators have a hefty number of patches for Windows server and client versions this month.

March patches include five critical updates and nine important updates. All five critical updates address remote code execution vulnerabilities.

The remaining critical updates fix vulnerabilities in Internet Explorer (IE), which is a top priority as one exploit is publicly available, said Wolfgang Kandek, CTO of Qualys, Inc., a cloud security and compliance software provider based in Redwood Shores, Calif.

Another critical update resolves five vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. Customers whose accounts operate with administrative user rights are at higher risk than those whose accounts are configured to have fewer user rights.

The critical update affects all supported editions of Microsoft Office 2007, Office 2013 and Office 2013. The patch corrects how Office handles files in memory and parses specially crafted files. This update should be second on IT administrators' priority lists, as Office is a widely installed product in enterprises, said Amol Sarwate, vulnerability labs manager for Qualys.

One critical update fixes two vulnerabilities in Microsoft Windows that could be exploited if a user browses to a specially crafted website or file. The update affects all supported versions of Windows, including Windows Server Technical Preview. The update corrects how Windows handles the loading of DLL files and how Microsoft Text Services handles objects in memory.

Three of the important updates address elevation of privileges in Windows and Exchange Server. Two important updates deal with information disclosure vulnerabilities in Windows. One important update addresses a spoofing vulnerability in Windows, and another fixes a denial of service vulnerability in Windows. Two separate bulletins address security feature bypass vulnerabilities in Windows. Finally, one important update addresses a vulnerability in Windows that could allow denial of service if an attacker creates multiple Remote Desktop Protocol sessions that fail to properly free objects in memory. 

Windows Server and Exchange administrators should also pay specific attention to the patches that address issues with Remote Desktop and OWA.

1 comment

When many patches come out at once it's hard to find the time to make sure none of the patches cause problems with our systems.