Microsoft Patches 19 Bugs With 7 Bulletins -- All Critical - InformationWeek


The vulnerabilities being fixed include a highly critical bug in Microsoft Exchange and a zero-day flaw in the DNS Server Service.

In its monthly Patch Tuesday release, Microsoft today issued seven advisories -- all rated critical -- that patch 19 vulnerabilities that affect Windows, Office and Internet Explorer.

Three of the security bulletins handle bugs in Microsoft Office, with one each for Windows, Microsoft Exchange and Internet Explorer. One of the security bulletins also tackles a vulnerability in CAPICOM, which is an ActiveX control, and BizTalk, which is a central Microsoft platform for application integration.

Two of the vulnerabilities affect Microsoft's highly touted Windows Vista operating system, while six of them are bugs in various versions of the company's ubiquitous browser, Internet Explorer. Five of the bugs are in IE7.

Seven different vulnerabilities, according to the advisory, could lead to code execution attacks against Word, Excel and Office.

"I think we are, in general, pleased because it does take care of a lot of issues, especially the DNS server vulnerability," said Amol Sarwatee, manager of vulnerability research labs at Qualys. "That was a zero-day that was out in the wild being exploited. We were really expecting a patch for it before today's patch Tuesday release."

The DNS issue was a zero-day vulnerability in several of Microsoft's server products that could enable a hacker to divert the Web traffic of not just a single user but of a company's entire roster of employees.

Sarwatee called the DNS bug and the vulnerability in Exchange the most critical out of all the flaws being patched today.

Symantec also pointed out the Exchange bug as one of the more critical issues being fixed this month. The remote code execution vulnerability affects the MIME (Multipurpose Internet Mail Extensions) decoding mechanism of Microsoft Exchange Server, affecting versions 2000, 2003 and 2007.

According to a security bulletin from Symantec, for the attack on Exchange to be successful, a user must open a malformed attachment. "A successful attack could completely compromise the computer hosting the vulnerable Exchange server and has the potential for impacting a large audience," reported Symantec researchers.
