Microsoft Plans Four 'Critical' Security Bulletins Next Week - InformationWeek
Software // Operating Systems
02:38 PM
Connect Directly
[Cyberattacks] Using Data as Your First Line of Defense
Aug 10, 2017
Attend this webinar to learn how you can determine which threats pose the greatest danger to your ...Read More>>

Microsoft Plans Four 'Critical' Security Bulletins Next Week

The four bulletins are titled "Windows Media Player Bulletin," "Windows Bulletin," "Windows Media Encoder Bulletin," and "Office Bulletin."

Microsoft plans to release four security fixes next week as part of its regularly scheduled patch day, which this month falls on Tuesday, September 9.

All four of the Security Bulletins are designated 'critical' because they involve the possibility of remote code execution.

The four bulletins are titled "Windows Media Player Bulletin," "Windows Bulletin," "Windows Media Encoder Bulletin," and "Office Bulletin."

Though there are only four bulletins, far fewer than the 11 released last month, the September patch cycle won't be a cakewalk. The "Windows Bulletin" covers many vulnerabilities in different software components.

Two of the bulletins are related to Windows Media software, Media Player 11 and the Media Encoder. Media files have become a common attack vector because it's generally easier to trick someone into opening a malicious Paris Hilton video than, say, a malicious Paris Hilton Visio file.

Next month, Microsoft plans to begin providing additional information to business professionals and security vendors to help make security patches easier to understand and to prioritize.

Starting with its October patch cycle, Microsoft will rate the likelihood that vulnerabilities will be exploited using the Microsoft Exploitability Index. Vulnerabilities will be rated using one of three designations: Consistent Exploit Code Likely, Inconsistent Exploit Code Likely, and Functioning Exploit Code Unlikely. The aim is to help IT professionals figure out which patches should be applied immediately.

Microsoft will also begin providing security information to large third-party security companies in advance of official publication through the Microsoft Active Protections Program.

The two new programs are part of Microsoft's six-year-old Trustworthy Computing initiative.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll