Microsoft To Fix 4 Holes In Windows, Office On Patch Tuesday

[ritchie58]

Contrary to last month when Microsoft plugged 22 holes on Patch Tuesday, only four holes will be fixed in the company's monthly security update roundup next week.

 

There will be three bulletins, one of them rated "critical" for Microsoft Windows and the other two rated "important" and affecting Windows and Office, according to the preview advisory released today.

 

While they are few in number, they are not to be ignored. They all involve remote code execution, which means an attacker could force code to run on a target's machine and could lead to a complete takeover of the computer.

 

"The upcoming Patch Tuesday includes a fix for a DLL (dynamic-link library) hijacking vulnerability in the Microsoft Groove application," said HD Moore, chief security officer at Rapid7 and chief architect at Metasploit. "This was one of the hundreds of flaws discovered last year by both Rapid7 and another security firm. I am glad to see that Microsoft is making progress on these vulnerabilities and continuing to fix affected applications."

 

Originally posted at InSecurity Complex by, Elinor Mills