
Update

Please note that Tuesday is not only Microsoft's Patch Tuesday: Adobe is also preparing a patch release for Tuesday that will address critical flaws in Adobe Reader 8, 9 and 10 (X).

Further, Microsoft inadvertently changed the September Patch Tuesday Bulletin page to reveal more details on next week's patches. We will be seeing 5 bulletins: MS11-070 for WINS, MS11-071 for Windows, MS11-072 for Microsoft Excel, MS11-073 for Microsoft Office and MS11-074 for SharePoint.

All updates are categorized as "important" by Microsoft, but as Amol has pointed out, we usually consider vulnerabilities that allow "Remote Code Execution" as critical, especially if they involve applications as widely installed and trusted as Excel and Office.

SANS has a page up on their blog that has more details, such as the CVEs covered and the fact that one of the SharePoint vulnerabilities was publicly disclosed. SharePoint users should pay extra attention and might also take a look at a demo video that Immunity has up showing how to gain control over an outdated SharePoint server.

Original

Guest post from Amol Sarwate, Vulnerability Labs Manager for Qualys

Microsoft announced today that it will release five security updates, all rated important, on September 13. This is the first Patch Tuesday in recent times that does not have a single critical update. It is also a relatively small update and is consistent with the cycle of smaller patches every other month.

Top priority should be given to the Microsoft Office patches for remote code execution flaws, which affect Excel 2003 through Excel 2010 and Office 2003 through Office 2010. Another high priority is the Windows patch that fixes a remote code execution flaw in Windows XP, Windows Vista, Windows 7, Windows 2003 and Windows 2008.

Other patches can be evaluated at a relatively lower urgency because attackers already need lower-privilege access to the target system to execute the exploit. This includes the Windows 2003/2008 and SharePoint Server 2007 security updates.

We expect a smooth deployment of these patches by IT departments who are already used to the Microsoft Patch Tuesday cycles.
