Microsoft Outlook, Internet Explorer are two of the four Critical bulletins (plus ten bulletins rated as Important) in today’s Microsoft Patch Tuesday. Particularly troublesome is the Outlook vulnerability, which is exploitable via preview pane. By not applying these updates, vulnerable systems are at risk of malware infection and unwanted data disclosure among others.
The four critical bulletins all pose serious risks to users and organizations. If not addressed, the vulnerability in Microsoft Outlook can lead to malware execution once users preview a maliciously crafted email message using Outlook. Applying this patch should be a priority, particularly for organizations who are under the constant threat of targeted attacks by way of spear-phishing.
For the past months or so, Microsoft has consistenly released Critical security bulletins for Internet Explorer. This month is no different, with security patches for ten privately vulnerabilities affecting several IE 6, including a privately reported IE 10 flaw on Windows 8 and RT. Similar to the Outlook vulnerability, an attacker can exploit this to execute a malware.
What is interesting is the inclusion of security patches for Windows XP, which Microsoft will stop supporting by April next year. For users and organizations still using the platform, it is important to start or at least seriously consider migrating to later versions of Windows to avoid threats similar to the Java 6 zero-day exploit seen two weeks ago, in which no consumer security updates are available for users as Oracle has already halted its support for that version.
Security updates for SharePoint, which resolved ten vulnerabilities in the software, rounds up the Critical issues for this month. Those bulletins rated Important include vulnerabilities in MS Office, Excel, FrontPage and Windows, that can lead to varied threats, including an attacker gaining administrative access and risk of information leak among others.
Users are advised to apply these security updates immediately. For IT administrators, applying certain security updates such as the SharePoint might be tricky, as these might need to be tested for any adverse impact on business operations. You may also visit our Trend Micro Threat Encyclopedia page to know more about how Deep Security solution.