Microsoft has released three patches as part of its monthly security update.

The update closes 11 vulnerabilities, only one of which earned the severity rating of "critical". None of the flaws have been exploited in the wild.

In a blog post, the Microsoft Security Response Center Team encouraged customers to prioritise bulletin MS10-087, which resolves five vulnerabilities affecting Office. The patch drew a "critical" rating for Office 2007 and 2010 thanks to a flaw that could be exploited to execute remote code if a user simply views a malicious RTF (rich text format) file as part of a drive-by attack.

"Although this vulnerability is not publicly known, we are likely to see exploit attempts against [it] in the near future," Jason Miller, data and security team manager at Shavlik Technologies, said. "RTF document attachments are typically not blocked and [are] used as a common shared file format like PDF files."

Meanwhile, MS10-088 addresses two vulnerabilities in PowerPoint that could be exploited to execute remote code if a user opens a specially crafted PowerPoint file. The bulletin, however, only garnered an "important" rating because user interaction is required for infection to occur.

Finally, MS10-089 takes care of four flaws in Unified Access Gateway, part of the Forefront enterprise security product line. The most significant of the bugs could allow for privilege escalation.

"No big shockers this month as Microsoft only releases three bulletins," said Josh Abraham, security researcher at Rapid7. "This is good news for anyone that is still behind on their patching after last month's monster Patch Tuesday."

Not fixed in this week's update was a dangerous zero-day exploit, revealed last week, affecting Internet Explorer. Microsoft's next update is due on December 14.

See original article on scmagazineus.com