The first Patch Tuesday of 2014 is a light beginning to the year with four important and no critical bulletins...
One important security update addresses three vulnerabilities in multiple editions of Microsoft Office as well as Office Web Apps on multiple versions of SharePoint. These vulnerabilities could be exploited if a malicious file is opened in Microsoft Word or other affected Office software. Attackers could gain the same user rights as the person who currently uses the programs.
Because it's on widely used software and a commonly exploited vulnerability, admins should patch this first, said Amol Sarwate, director of IT security firm Qualys Inc.'s vulnerability labs, based in Redwood Shores, Calif.
MS14-002 addresses a vulnerability in Windows that could be exploited if an attacker gains access to a system and runs a malicious application. This security update ties into Windows XP as one of the last times Microsoft will offer support for the system, which ends in April.
Oracle Corp. sent out a number of patches this week including for its Outside In library, which may serve as a clue as to what to expect in the coming months for Microsoft patches.
"I'm sure we'd see an Exchange patch because of [Outside In]" in February or March, said Wolfgang Kandek, chief technology officer of Qualys.
This month's Patch Tuesday security updates are a major departure from the Patch Tuesday trends seen in 2012 and 2013. The last Patch Tuesday of 2013 included security updates for vulnerabilities that appeared more than once during the year, including Internet Explorer and the Outside In library, and the year ended with a total of 106 bulletins.