Brace yourself. Critical security patches from Microsoft are just around the corner

Graham Cluley

Buggy OutlookOn Tuesday, Microsoft will be releasing its latest bundle of essential security patches – protecting against exploitable vulnerabilities in various versions of Windows, Microsoft Outlook, Microsoft Office, Internet Explorer, Sharepoint and Frontpage.

Preliminary details of what the security updates will cover is detailed in Microsoft’s Patch Tuesday pre-announcement, but perhaps the most serious bugs are the critical remote code execution flaws in Outlook 2007 and Outlook 2010.

Those vulnerabilities could be exploited by hackers to run malicious code on your computer simply by getting you to view a boobytrapped email. It’s easy to imagine how such a flaw could be used in a targeted attack to inject a spyware Trojan horse into an organisation, for instance.

Office 2007 Service Pack 3 and Office 2010 Service Pack 1 are in the firing line, and will need to be patched.

Critical remote code execution vulnerabilities have also been uncovered in versions of SharePoint, while an information disclosure vulnerability needs to be patched in FrontPage 2003 Service Pack 3.

Additionally, “important”-rated vulnerabilities were also discovered in the Office 2013 editions of Excel and Access.

And – surprise, surprise – many different versions of Internet Explorer are being patches once again, this time against remote code execution vulnerabilities.

Even Mac users don’t manage to get away empty-handed this month. Microsoft Office for Mac 2011 is also lined up to receive an “important” update related to remote code execution.

There are also critical security patches for Windows XP and Windows Server 2003. But if you are still using those operating systems you should really start working out your upgrade plans – as Microsoft will no longer issue security updates for these platforms from April 2014.

If you continue to use Windows XP and Server 2003 after April 2014, you will be a sitting duck for malicious hackers.

For most home users the best way to keep on top of the regular security patches is to enable automatic updates.

Windows Update

Things are more complicated for businesses, however, who typically want to test that a security update doesn’t cause conflicts with their systems and force any downtime.

Last month, for instance, Microsoft had to reissue a security patch after the original version broke systems at some companies.

So spare a little love for your poor sysadmin if you see him next week – chances are that he’s going to be busy.

But, whatever your situation, don’t keep your head in the sand about security vulnerabilities. Criminals feast upon security patches like the one due to be published by Microsoft, attempting to reverse-engineer details of the flaws so that they might exploit them in the wild.

When Microsoft releases its patches you should attempt to roll them out across your systems without too much delay.

You can read more about in Microsoft’s advisory for the September 2013 Patch Tuesday.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

3 Replies to “Brace yourself. Critical security patches from Microsoft are just around the corner”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET UPDATES